MAL-2026-5458 Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70f226090d6e1bc8acebdeff932907dda5bcf88c21b6c47d25360cd69a606f0d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in goodoltoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1279e2d267bf2af95bf5c3a98cc71ac362ed2af7aa35f6bbfe1f05bb839cb18 During installation, package attempts to download and run an executable imitating malicious activity. --- Category: PROBABLYPENTEST - Packages looking like...

Malicious code in goodoldtoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 24dbb5643933ff305b2eab164e820476f645ef2b59ad7c7cdfdeb2c3c3bfb98f During installation, package attempts to download and run an executable imitating malicious activity. --- Category: PROBABLYPENTEST - Packages looking like...

MAL-2026-5271 Malicious code in goodoldtoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 24dbb5643933ff305b2eab164e820476f645ef2b59ad7c7cdfdeb2c3c3bfb98f During installation, package attempts to download and run an executable imitating malicious activity. --- Category: PROBABLYPENTEST - Packages looking like...

Malicious code in hpe-glcp-automation-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53256c57763ad4be286cf74bf0162b67413edc085338e3778ac9bc2afa1b4b93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3705 Malicious code in math-array-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

Malicious code in math-array-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3047 Malicious code in robase-gui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2964 Malicious code in buildenv-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed214a591cc269b484b5a0831e170e9db89aa33d168ab77c7826837495cd0f38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2860 Malicious code in mylib-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8cc746751844570c4d9de0acc1fc4aba45c1316434c664fc70711749720f88f1 During import, a remote executable is automatically started. During analysis, the executable only showed a basic message. It's likely experimenting with...

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in robase-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2301 Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in database-roblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in roboat-additions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2182 Malicious code in sonic-yang-mgmt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8013d6980c9ac5e595a47f3464594348804620b433495e07afadff081bc89913 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2151 Malicious code in tap-wordpress (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53e2ce83230d861f844469c970eee52f778a63852ef04de9007e9bb8f883256e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in pipinpeace-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...