Malicious code in justinleaguekems (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in pipinpeace-bind (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e78be1bf65bda1455a5f08dafdf69aef528e4fb206333e1ecb6c6a97fe8adbc2 Package is designed to start a bind shell during installation. However, it requires providing the port as an installation parameter, which suggests it's more...

MAL-2026-844 Malicious code in vllm-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in vllm-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fa0706d497278a502d158c89d51645a6f4e8187ca325aacaa59facccf542a03 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

MAL-2026-504 Malicious code in researchpoc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20a5e6f7ec432b0c41646f696c530fb5e46e034477a23d448de1ac3f18172bec Package mentions being a research PoC, probably for dependency confusion, but the code is obfuscated making verification of the claim impossible. --- Category:...

Malicious code in instascan-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94d76fe0beb67ab3d875d659dac44b4650be6b8f5bbb4b43635c0fc2fa7b4af9 The package contains a module prepared to collect and exfiltrate user's files. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in netbenchkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa328b263fd5f17449e326d05af9a5849a25d6c028d092e586097e95c4e1db59 Package imports and executes malicious synium package --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-192437 Malicious code in netbenchkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa328b263fd5f17449e326d05af9a5849a25d6c028d092e586097e95c4e1db59 Package imports and executes malicious synium package --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-192438 Malicious code in synium (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 85fc917c33d970cb3365ff112f788b229638b757c32eaf99ba1054c8596298c1 During import, package exfiltrates specific global variables to a remote target in a way typical for infostealers --- Category: MALICIOUS - The campaign has...

Malicious code in rtcplogin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f986d2da01fbdba339f3d073a84dd5c57ba0aa19113574702160654f70f0620 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

MAL-2025-191859 Malicious code in rtcpstream (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa2920b4ae77a6e47bbf9ac8163f8d9a30d62966097d34989a36103a76178558 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

MAL-2025-191755 Malicious code in hexcon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 191af8110082a90345db609c8f23d2313a5be68ec121742172f32cf3a1d5d905 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-191700 Malicious code in chicopute (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d495090103e9ff8ca138e9ad2b40556ce900f92d07ac058463eb58f42edacc85 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

MAL-2024-12330 Malicious code in pycryptographylibv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 961e4f12709e7f7b2cceaca041246d901647f258e22b2930e53a181dbe0c52ef Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-bananasqua...

Malicious code in pycryptographylibv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 961e4f12709e7f7b2cceaca041246d901647f258e22b2930e53a181dbe0c52ef Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-bananasqua...

Malicious code in pipcolorpkgv2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a95f9f4af9619a03c6116af22cc53f289c869d09569629216fd32ea12a5a63cc Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2023-12-bananasqua...

MAL-2024-12287 Malicious code in hmac2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrate basic data, and then executes commands delivered from remote server --- Category: MALICIOUS - The campaign...