MAL-2026-696 Malicious code in pathfiles (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

MAL-2026-651 Malicious code in cat-admin-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34286533490c9ad41743b1eea6659d9c4fd3e62d1a830658b90840f3c49a6c8c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

Malicious code in cat-admin-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34286533490c9ad41743b1eea6659d9c4fd3e62d1a830658b90840f3c49a6c8c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

Malicious code in chia-pool-reference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51f7e4eb8c8b82bd7c7514255d0eb51dddc657c4b06845232ad8490a514a139c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2026-652 Malicious code in chia-pool-reference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51f7e4eb8c8b82bd7c7514255d0eb51dddc657c4b06845232ad8490a514a139c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

Malicious code in credit-decision-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2026-653 Malicious code in credit-decision-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

Malicious code in zabitog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 23d4c7f55266f10f23ddf4a743bb4222b920c0e7f4472c1572a51831a3d1f247 Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2026-654 Malicious code in zabitog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 23d4c7f55266f10f23ddf4a743bb4222b920c0e7f4472c1572a51831a3d1f247 Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2026-618 Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

Malicious code in learning-curve-projects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 535d27590bc02eadc7c52e7179ac183cfaac3079b16ae34a204e55b3e145ae62 Package contains hidden highly obfuscated code that is loaded during importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent,...

Malicious code in fastpi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2928970260fda87aaa57272b8042ae1a9661ad1a1bdeec1e73903e84ce3354cd Malicious copy of the legitimate FastAPI. The modification loads code encrypted in one of the attached files. The final, highly obfuscated code is most likely...

MAL-2026-504 Malicious code in researchpoc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20a5e6f7ec432b0c41646f696c530fb5e46e034477a23d448de1ac3f18172bec Package mentions being a research PoC, probably for dependency confusion, but the code is obfuscated making verification of the claim impossible. --- Category:...

Malicious code in researchpoc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20a5e6f7ec432b0c41646f696c530fb5e46e034477a23d448de1ac3f18172bec Package mentions being a research PoC, probably for dependency confusion, but the code is obfuscated making verification of the claim impossible. --- Category:...

Malicious code in aiihttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98bbfaaccc91213e80bb0a09f5081a5701cf01629ac8b82370adbbbc42178b0 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

MAL-2026-36 Malicious code in aiohtto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9338a4f3f167cf0ba279696ac9ae9bae26219391e2a87a805cc8bb92b4cddd6e Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

ReSMT: An SMT-Based Tool for Reverse Engineering

Software obfuscation techniques make code more difficult to understand, without changing its functionality. Such techniques are often used by authors of malicious software to avoid detection. Reverse Engineering of obfuscated code, i.e., the process of overcoming obfuscation and answering questio...

Malicious code in kzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7a81e0fa699edbad810083efb9de4e22f5088c31c22fdf71f7e519269dc5ad01 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

New ClickFix wave infects users with hidden malware in images and fake Windows updates

Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...

MAL-2025-191674 Malicious code in aiogram-msgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 edd5a99e6d1cebb47e713991f08b50dee4b5bf93ae487f6adc446318ccdba6e7 Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...