364 matches found
MAL-2026-3142 Malicious code in timemcp-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8e125c901115c73a3467acea1300ccc14f718459dbf54ad11a8baf7c39cc03d9 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3139 Malicious code in robase-start (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3133 Malicious code in fetchapi-syncdata-pypi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49 The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...
MAL-2026-3105 Malicious code in mypypipkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...
MAL-2026-3091 Malicious code in bytedfaas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e2decd402442fba2d4ebd7637b596a33ef132120ffe4f3a8b5d2d6ce8475e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3084 Malicious code in byteclaw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3fe21c4a32b814a0b46b75a26033bae1f40e1caa237e394842aff14639b7aaec Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in test-pkg-jie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc409f90d96c576263a60bd95ab30260b973097425292cdd53999e49cb3c4011 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-2843 Malicious code in shan-lib-poc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6c2f4a0560b1811eba11c9fd304f7441ab7e04f4e569e01bdfe06aba6722edb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2840 Malicious code in sher-server-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e83ee8187475c07ed6ea406a698e3f9d3c55efec8e689ba0c110a6ee2ce1012b Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...
Malicious code in restasv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in robase-quick-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2561 Malicious code in robase-help (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b83143e22b0a815d6a2702f547ae9f4620ee086c8b9360a0d60ff2ed2186d56b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in ks-hex2pcap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 90b58f7aa303c563186a1d1c2a89d13caec4e0c04a48f6838fcba294b7846e96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in phasedibd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8d514af72edb0054d9c5ff73f59a8517927dc660a5a58c8a03baf8abc5b22365 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
MAL-2026-2489 Malicious code in databaserobooms (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 193ce4e29885d967183910228ce00d02b4380d25ff1a9b342b1fb5b4c124e3ca During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2448 Malicious code in supervisors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f99997c1443b3be7bee7a7d490d05077e1d1c48bdd801f7357881ab1a73ca0 The setup.py contains a malicious code that skips execution if the system uses Russian language. Otherwise, it downloads the URL of the next stage payload from...
MAL-2026-2316 Malicious code in openai-async-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7619c9858e5326f4842462084bc313409a364f2b5c9aa004103c7d33a97c3545 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in hiveos-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6d040e58dddde324da836a19a41eb5c65698ef869ed3e534f662136f1fb48440 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in roboats-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f9c3e8c3efcca9a56765d765638b1f7a25769a8a94693c4f391804337be55fcf During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2244 Malicious code in fluxhttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2669b72303bd592ba1633febc04bca1f0a8804d8546baf21b5f3f12baaa80f29 Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code wa...