34 matches found
Malicious code in cubaflixdownload (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e301875480dd0a0265eef6c8d1a5b65ef85f1e2051d0e5491dcb4767c5f7b578 During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...
Malicious code in tableapy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7adeff5bc226723e8e3241a36596e3e99094553770deda5e89ac8caf7c0e0f01 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-650 Malicious code in tableapy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7adeff5bc226723e8e3241a36596e3e99094553770deda5e89ac8caf7c0e0f01 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in tabullates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Python Site-Specific Hook Persistence
This module leverages Python's startup mechanism, where some files can be automically processed during the initialization of the Python interpreter. One of those files are startup hooks site-specific, dist-packages. If these files are present in site-specific or dist-packages directories, any lin...
MicrosoftAmplifierPoC
Microsoft Amplifier RCE PoC Proof of concept demonstrating re...
MAL-2025-47875 Malicious code in tikweb (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 56e420aab6cf451bf10ab865d2950af02e45914f0a7618355f7ee8384ddcd858 This malicious package claims to interact with TikTok web features programmatically, but runs malicious obfuscated code upon import and via other...
Malicious code in vielcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...
MAL-2025-47510 Malicious code in vielcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...
Malicious Package
Overview loquru is a malicious package. This package contains a malicious code and uses "typosquatting" to bait unaware users to install it. The malicious loquru package pretends to be the popular loguru library. It hides malicious code within a string of whitespace, which is executed upon import...
Malicious code in gslack (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72940e36f27a988f3e03f79a6a0ce0cafc2e871808da0318087ed2657454ecf9 Any computer that has this package installed or running...
Malicious code in honeybook-marketing-gatsby (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6a761d9d52123cbe6038ec3bf99541c0d74203f7a450e8149baf18d9ed8fb6b Any computer that has this package installed or running...
MAL-2024-12230 Malicious code in catme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in bytekafka-0-0-15 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4619fa745296f46998d4eb4e25a7f4841bdd8634ead366c63521d25abf739a7e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...