MAL-2024-11517 Malicious code in agent-user-generate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 514af1dfd929068fabc7527812b99ec6a287c3601d7cf4ed1d29c55e74339fac Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-11740 Malicious code in user-random-agent-user (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 593686652ece19b8d2d79006659b8392c347442f9a8403ef1b9f8a8bfa232925 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-11565 Malicious code in crypto-regex-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a849790638e062a67e51026ebcd7d23b06a5cb901a1b74ce74bcf09762511538 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-12243 Malicious code in coffin-codes-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa99dd73d11cc6b2756fb43cff1eb16f5f80b4ffd436dbfd635b8417f821c7ba So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...

MAL-2024-12245 Malicious code in coffin2022 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f875ec44c758a726a21474b433c8f43af3d2ee96a3bdcca60f75288316b95ae So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...

MAL-2024-12241 Malicious code in coffin-codes-net (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df624a59b2cb5ef5cf295a7e63718bf7938250f59c5cda19bb6f43c40824e99b So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...

MAL-2024-11640 Malicious code in mumuplayer12 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e7ec41057042474a89cfaa47532d1f790110bc7ac08533ff4dbeea9ee91899 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

Malicious code in pytskcheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25d82b24b022549617724628ccd6d11da9cc713daffc187cc3531b5bf3ef07e8 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...

MAL-2024-11609 Malicious code in httpsmovements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f6e48eea4c63cfcc19e892d140b0b70a48f1041c559effbaae92184fda61bc5 In the invokehttp, the init.py contains obfuscated code attempting to download and run one of two executables. They are identified as malicious by VT and the...

Malicious code in c2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bf8fb109bddeaac7b9818f893783456619c44562c50fe26abea906cbc1ef06a Packages exfiltrate the diff of the current repository. The code in "main.py" suggests it's not a real attempt to provide AI-generated commit message, but a...

MAL-2025-959 Malicious code in pytc123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 29916930efd9b23d2db0a812c00e77dcb672c494ae1d721e2201c1006625bf43 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2024-12267 Malicious code in example-pypi-package-loler1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb19218b6d780973bde55d613a16a9a637728a4d01e79d570bb3406633f0f639 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2024-12276 Malicious code in get-root (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cb448108b11968d4fb13e0d12a3c089afa7eaeb7b288d6bc8e022ff1f4dd34a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in example-pypi-package-loler1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb19218b6d780973bde55d613a16a9a637728a4d01e79d570bb3406633f0f639 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2024-12223 Malicious code in byterec-models (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a743bef3c7e21e3a83027eb77a9868e7b659f295c96c82ac735bc135b353e597 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

MAL-2024-12362 Malicious code in thethreadingassistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 762eff7d2ce4176f6050d35736ba93b5853e8519e760522372aced785a146e59 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to do a webcam photo. Data are sent to a Discord...

Malicious code in artifact-lab-3-package-736f752d (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfb249857a1fcf0c79636d8692dc8b148d847336022dbe6f4ab558f6f5c2f97f Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...

Malicious code in artifact-lab-3-package-6e10193e (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be1776005a138f3a3c26df212fd9407dda2bb99a246703710810d30e6118ed79 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...

MAL-2024-12304 Malicious code in manoj3121pip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca36f3207b39f83d096054f521bd3dbbedf899c5f9d9e0fa494b6c216b56d481 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-6428 Malicious code in 0x000testqwe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c1f4407cfafbdc3391f55d6b0c6c7344e0e87cfc42f7eb6dfdd9239a82433b7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...