364 matches found
Malicious code in pyqt6darktheme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67 Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining --- Category: MALICIOUS - The campaign has...
Malicious code in jsonschemavalidation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae82aa94c358f1f00f8a12e8b583cee82efdcf09d2f80263e6851ac0fec98f3 The PyPI project jsonschemavalidation builds a wheel whose installed top-level package is literally jsonschema tool.hatch.build.targets.wheel package...
MAL-2026-6926 Malicious code in paysafe-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf46df1f47845e37bbc00d4e8f160dcf057b67aee189c7e7919f32d662f2915 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...
Malicious code in bytekit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in dt-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0dd6dc392ad68861c938e7798773adf5359c835743e711a834d84221b481bdf The package's top-level public API dtvalidator.validate — colocated in all with legitimate helpers validateextension, validatesize, and...
Malicious code in @marketfront/fashiononboardingpopup (npm)
The @marketfront/fashiononboardingpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...
Malicious code in @marketfront/commonecommerce (npm)
The @marketfront/commonecommerce package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/footer (npm)
The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Malicious code in @marketfront/devtoolsloader (npm)
The @marketfront/devtoolsloader package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
MAL-2026-6280 Malicious code in ip-rotat (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...
MAL-2026-5795 Malicious code in gptminifast (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in gptminifast (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 367066b272bcc8da7b253c53e1771b5aad257edef1e77ee29fc9a8c9ba73bf63 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5776 Malicious code in fastgptmini (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt an anonymous, throwaway file-sharing host during pip install,...
Malicious code in generatellm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31201af7035560c0798b46e67a374b9526a7e8ed2f856235e5eb0438d1a8d080 GenerateLLM 2.23 is a hollow PyPI package placeholder metadata, no functional code under src/, only an egg-info directory whose entire payload is an...
Malicious code in llmgenerator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e55ac2d3368516d538c8efaad2b83814dbb61813f36ab5655f77677ca0d6be On pip install, setup.py performs an HTTP GET to https://pastebin.com/raw/yBcUM1QB, takes the first line of the response body, and passes it to...
Malicious code in easyaillm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6268f175708584b9c3de408c80de3dc1162f4d1ddedb1ce6201b90f409b0dea On pip install easyaillm, setup.py runs execbase64.b64decode... which decodes to code that fetches https://pastebin.com/raw/hEF5HaFc, treats the...
MAL-2026-5756 Malicious code in easyaillm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6268f175708584b9c3de408c80de3dc1162f4d1ddedb1ce6201b90f409b0dea On pip install easyaillm, setup.py runs execbase64.b64decode... which decodes to code that fetches https://pastebin.com/raw/hEF5HaFc, treats the...
MAL-2026-5755 Malicious code in anthropickit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3e103a8a230b5fb3066fb0a9eb7f5fdf5831d4c7b71a9d83de54d8d6673eae2 On pip install, setup.py collects the contents of every file in /.ssh excluding knownhosts and authorizedkeys, so private keys are read, all...
MAL-2026-5679 Malicious code in pylogxo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...
Malicious code in bittensor-emission-tracker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...