VDB
KO

MAL-2025-923

Malicious code in fflask (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: ghsa-malware (125471d3fb13da284e2a1e6f08627065506454ba819af239105d536da0854c74) ## Source: kam193 (106052056ac243ab1b11c7bbf3a04ff9f1b408cf92616fa635242b4230490d2f) Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-reqesst

Reasons (based on the campaign):

- infostealer

- peristence-autorun

- typosquatting

- exfiltration-generic

- Downloads and executes a remote executable.

- clones-real-package

- dependency-confusion

- exfiltration-browser-data

- exfiltration-crypto

---

Credit: [OpenSSF](https://github.com/ossf/malicious-packages) ([source](https://github.com/ossf/malicious-packages/blob/88c73798a8559379079a46c613bf17f15981dcdc/osv/malicious/pypi/fflask/MAL-2025-923.json))

## Source: kam193 (106052056ac243ab1b11c7bbf3a04ff9f1b408cf92616fa635242b4230490d2f) Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-reqesst

Reasons (based on the campaign):

- infostealer

- peristence-autorun

- typosquatting

- exfiltration-generic

- Downloads and executes a remote executable.

- clones-real-package

- dependency-confusion

- exfiltration-browser-data

- exfiltration-crypto

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fflask

No fixed version published yet for fflask (pip). Pin to a known-safe version or switch to an alternative.

References