{"id":"MAL-2025-1982","summary":"Malicious code in mlc-ai-nightly-rocm62 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (d19b7d0a36e093c723972a96552235036df64fd3c5e2ba6bb85d979a4c65c00d)\nInstalling the package exfiltrates information about the host, including environmental variables.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-01-mlc-ai-nightly\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - exfiltration-env-variables\n\n\n - dependency-confusion\n","modified":"2026-03-19T13:03:43.000662Z","published":"2025-01-21T18:27:56Z","database_specific":{"iocs":{"domains":["depcon.buzz"]},"malicious-packages-origins":[{"sha256":"21e9ff8aa8baa2fa66566f09a96f812b7d158cb7d8570aea4f20a634e630dade","import_time":"2025-03-03T15:07:15.943392982Z","id":"RLMA-2025-01223","modified_time":"2025-03-03T13:45:01Z","versions":["9.9.9"],"source":"reversing-labs"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T22:30:55.340705968Z","id":"pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly-rocm62","modified_time":"2025-01-21T18:27:56Z","source":"kam193","sha256":"3accdd849420abc9915ec783d6e922f8d855863e4a6092e90648481d1c3fe530"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"import_time":"2025-12-02T23:07:18.37021415Z","id":"pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly-rocm62","modified_time":"2025-01-21T18:27:56Z","source":"kam193","sha256":"d19b7d0a36e093c723972a96552235036df64fd3c5e2ba6bb85d979a4c65c00d"},{"sha256":"38c58eadf0180af4d0acfbd88c4e995475f9316a397bc7717f8d5132f1211d8f","import_time":"2025-12-10T21:38:57.596207783Z","id":"pypi/2025-01-mlc-ai-nightly/mlc-ai-nightly-rocm62","modified_time":"2025-01-21T18:27:56Z","versions":["9.9.9"],"source":"kam193"},{"sha256":"f0c638762725a4691aaaa3cf71ce201531a2a054a16e3b4e2d8d02760ec5e2ed","import_time":"2026-03-19T12:20:05.260351975Z","id":"RLUA-2026-00527","modified_time":"2026-03-18T12:16:10Z","source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mlc-ai-nightly-rocm62"}],"affected":[{"package":{"name":"mlc-ai-nightly-rocm62","ecosystem":"PyPI","purl":"pkg:pypi/mlc-ai-nightly-rocm62"},"versions":["9.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mlc-ai-nightly-rocm62/MAL-2025-1982.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}