{"id":"MAL-2025-1964","summary":"Malicious code in astronomios (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (44bb8480782438fda3365b0ffcc74a04ae68477448d543ae51c1744b0cdb4a77)\nsetup.py contains highly obfuscated infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-02-astronomio\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - dependency-confusion\n\n\n - obfuscation\n\n\n - exfiltration-browser-data\n\n\n - exfiltration-crypto\n","modified":"2026-03-19T13:01:49.944793Z","published":"2025-02-08T20:07:23Z","database_specific":{"malicious-packages-origins":[{"sha256":"fc415dfc4274d891bab6cab0c52a6d50f6ed85c4a5a15cc4a7eccaf1147204e1","versions":["0.6"],"source":"reversing-labs","import_time":"2025-03-03T15:07:13.908954899Z","id":"RLMA-2025-01199","modified_time":"2025-03-03T13:44:39Z"},{"sha256":"6edfbcc895cbfd69fb42f2be18d76f510f3770a01f896d9eb2213701d565ad66","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","import_time":"2025-12-02T22:30:54.949021955Z","id":"pypi/2025-02-astronomio/astronomios","modified_time":"2025-02-08T20:07:23Z"},{"sha256":"44bb8480782438fda3365b0ffcc74a04ae68477448d543ae51c1744b0cdb4a77","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","import_time":"2025-12-02T23:07:17.988565921Z","id":"pypi/2025-02-astronomio/astronomios","modified_time":"2025-02-08T20:07:23Z"},{"sha256":"981890ec9e60b6d34f7844c7a9a2e07dab6ccd928616537bac2b50bc56d01c96","versions":["0.6"],"source":"kam193","import_time":"2025-12-10T21:38:57.294077201Z","id":"pypi/2025-02-astronomio/astronomios","modified_time":"2025-02-08T20:07:23Z"},{"sha256":"fc58d82dbbceb4abf143cd17fa209117f967088309c0bf9f6c5f068602a18d13","source":"reversing-labs","import_time":"2026-03-19T12:19:24.181556317Z","id":"RLUA-2026-00085","modified_time":"2026-03-18T12:11:15Z"}],"iocs":{"urls":["https://raw.githubusercontent.com/antivirusevasion23/injection/main/injection.js"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/astronomios"}],"affected":[{"package":{"name":"astronomios","ecosystem":"PyPI","purl":"pkg:pypi/astronomios"},"versions":["0.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/astronomios/MAL-2025-1964.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}