MAL-2026-6381 Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

MAL-2026-6382 Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

Malicious code in ip-rotat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...

MAL-2026-5817 Malicious code in merino-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61117d9c074586912421f9fe2104b792a0eb2a359dd1c6e9c8548bc2aa299dd0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in mlir-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5819 Malicious code in mozautomation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 26d0e7dfb965969f23786d4bde7d70e597b83df522434aea471171d48442cd12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5776 Malicious code in fastgptmini (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt an anonymous, throwaway file-sharing host during pip install,...

MAL-2026-5775 Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5768 Malicious code in bash8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 375ef978992bd3c12f8778e62d2c6f8a105fa3a15cc508db6d8dd6043fd7507c setup.py overrides the install command with a custom InstallWithBeacon class that, on pip install, collects the installer's hostname via...

Malicious code in jec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfd390b5ea0fe558bd7f5fd56dec8386148e58d7f8d4b6bba14f8a2aa8b6d323 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5518 Malicious code in hello-dynamic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...

Malicious code in internal-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e2d5962963c8d8a956fcb154caa77b63b09419f4f58ddb23e2afbb0cb98c6c79 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-5120 Malicious code in redteam-qxz7-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 855b67c0cf1aaed6f5e0ce3a67478a20cd4244c56424002feeeb0dea1a875848 During installation, the package exfiltrates cloud tokens from the environment. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-5089 Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-4837 Malicious code in my-test-package-2025-xyz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a2f3ab0a3c7ef9009c99575d9dd051c4a97575435cabf5d3a4c223f53bc47b89 During installation, the package opens a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2026-4358 Malicious code in mistral-search-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f3c615d5d39af7634550be88e5630a25b7a3dbd5bd2a8717cb01f07f06a5cd2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4354 Malicious code in mistral-workflows-plugins-mistralai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 012c4d9df9467f9847a67be15a746ea186f36d3310d278ca9409d531f5026e12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...