Malicious code in xx-ent-wiki-sm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ebf0745c51c955dbe898efb0f6b721f30dd75edc24b4ee234e8574cee3da9d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191690 Malicious code in bh-25-req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ddd759ada90b89401904e23b4e8cbe6a3021baf3c34495150b4a713ca7063be0 If run, the package exfiltrates AWS credentials. Though it's described as a test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in thisisthedaventestz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5f510bfda1aeb6999f77b06597e760e13d4058dab2a7f8620bf8c561db5d39c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6602 Malicious code in torchao-nightly (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6589 Malicious code in solidity-coverage (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-191689 Malicious code in backtradingbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Malicious code in backtradingbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Malicious code in hello-from-shiphero (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00eb05ac59ee167606a053bd1ac9f705de178f9a576e6fe78bae415d599157b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191821 Malicious code in prof-qux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b87af8d8f13bd43c1cf3490ea551b8d60fe05a482875597ef2fe5d2c200ca19 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
MAL-2025-6010 Malicious code in ruamel-poc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1381375ccfff8dc10b3416284ac4a9a91c69bb2d5e7b652a2df24a64f4c5d512 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-193014 Malicious code in cas-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
Malicious code in package-346234294 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2025-191764 Malicious code in imad213tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2cddffd96538ab03979aa6404e3c946258e49677220c4820f3a8f0972b31cb17 Encrypted code offering massive sending Instagram followers. 1 besides of using some shady services to achieve the goal, it also exfiltrates saved Instagram...
MAL-2025-6543 Malicious code in malimalooo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 68fa420b0a99cf34a9226a9deb8781219fd54964c91f41a41d2867063a365c32 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-6620 Malicious code in walletutility (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b2977792a67d074770c5080ac055addab8c5bf6b77bf203132fb2c67f32091a6 Package silently exfiltrates the provided mnemonic --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in hashidf (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 126b111d14601f2ff653938378c5e6d0f534439f0eac8db7984dfe7aa0f20b52 If run as a module, the package silently starts a binary hidden in a txt file in the background. At the moment, it appears to be PuTTY, and without additional...
MAL-2025-5098 Malicious code in blackspammerbd-workout (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-191934 Malicious code in win32evtlogutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
MAL-2025-6552 Malicious code in my-fun-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6642f3653e49e0a80b7fadf4c06bc64cba8a1a359772f1c7a668888278348fd6 During installation, the obfuscated code attempts to insert a modified Python DLL and runs code. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-191879 Malicious code in stubsout (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 288961ef642901bbbd1ecf1fee45702985e9691d3f2fdc95f5990a197df2782b While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environment variables. --- Category:...