Ingest OSV - Cloud Storage

Author: github-actions

config/start-keys.yaml

@@ -1,7 +1,7 @@
 amazon-inspector:
     IN-MAL-: IN-MAL-2025-149197.json
 kam193:
-    pypi/packages/malicious/osv/: ecee0b71f6084bf9023331de62eb254f8d428586
+    pypi/packages/malicious/osv/: f07f46ba2351731ca5adea819e54e644b4fb38c0
     pypi/packages/pentest/osv/: 27cbe31837ebfb9ccc169b6c60ebc77b8545845e
     pypi/packages/probably_pentest/osv/: c1b996ad1142bc47f43e30615d9e5a83d344134e
 ossf-package-analysis:

osv/malicious/pypi/blank-lib/MAL-0000-kam193-96f1bcd77950a6cd.json

@@ -0,0 +1,51 @@
+{
+  "modified": "2025-12-07T01:03:47Z",
+  "published": "2025-12-07T00:40:43Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in blank-lib (PyPI)",
+  "details": "This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "blank-lib"
+      },
+      "versions": [
+        "0.0.8",
+        "0.0.9"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/blank-lib"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "kam193",
+        "sha256": "96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb",
+        "import_time": "2025-12-07T01:35:44.731111152Z",
+        "id": "pypi/2025-12-blank-lib/blank-lib",
+        "modified_time": "2025-12-07T01:03:47.110526Z",
+        "versions": [
+          "0.0.8",
+          "0.0.9"
+        ]
+      }
+    ]
+  }
+}

osv/malicious/pypi/python-tg-bot/MAL-0000-kam193-5397ab6595b82371.json

@@ -0,0 +1,51 @@
+{
+  "modified": "2025-12-07T00:50:39Z",
+  "published": "2025-12-07T00:50:39Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in python-tg-bot (PyPI)",
+  "details": "During importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-12-blank-lib\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - infostealer:blankgrabber\n\n\n - clones-real-package\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - exfiltration-credentials\n\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "python-tg-bot"
+      },
+      "versions": [
+        "22.5.1",
+        "22.5"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://bad-packages.kam193.eu/pypi/package/python-tg-bot"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Kamil Mańkowski (kam193)",
+      "type": "REPORTER",
+      "contact": [
+        "https://github.com/kam193",
+        "https://bad-packages.kam193.eu/"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "kam193",
+        "sha256": "5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2",
+        "import_time": "2025-12-07T01:35:44.733391151Z",
+        "id": "pypi/2025-12-blank-lib/python-tg-bot",
+        "modified_time": "2025-12-07T00:50:39.178299Z",
+        "versions": [
+          "22.5.1",
+          "22.5"
+        ]
+      }
+    ]
+  }
+}