57 matches found
Malicious code in xfoofoox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in solana-cli-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...
Malicious code in solana-web3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...
Malicious code in anthropy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-5029 Malicious code in modulebuild3240234t (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287 The package contains an infostealer targeting the Roblox ecosystem. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in modulebuild3240234t (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287 The package contains an infostealer targeting the Roblox ecosystem. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in datapipe-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 74a9da1afe75ec2379c4bade6ac5145c920900e1a1e1173d59b9003061e3fb0f The package intentionally uses the malicious binproto package deploying the malware. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3664 Malicious code in workingitmehelpit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e553fe0eea72dc43eab2696330acd6fbb3e4de8c95529eab6298411620c0c9f Package installs malware identified as a backdoor or reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in crypto-bot-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ece4ae851dba85751377f47097bd30525eafdcbf8cd08b57d2a06aa3a02b367 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in solana-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 047a41b9a67bb975c2e98b31b5e13875569de5097f0b61bb5984e300687e03e3 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
MAL-2026-3219 Malicious code in tns-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc Package is prepared to exfiltrate environmental variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...
Malicious code in buffparser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...
MAL-2026-3139 Malicious code in robase-start (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in fetchapi-syncdata-pypi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49 The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...
MAL-2026-3100 Malicious code in fetch-data-api-syncapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...
Malicious code in robase-gui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3044 Malicious code in quicksolving (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 334524bfbf6438acc5016e76054740cdb532bdd9921695cbcc1852c568226708 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in rosolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-library-quick-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in test-pkg-jie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc409f90d96c576263a60bd95ab30260b973097425292cdd53999e49cb3c4011 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...