MAL-2024-11740 Malicious code in user-random-agent-user (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 593686652ece19b8d2d79006659b8392c347442f9a8403ef1b9f8a8bfa232925 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-11565 Malicious code in crypto-regex-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a849790638e062a67e51026ebcd7d23b06a5cb901a1b74ce74bcf09762511538 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-11566 Malicious code in crypto-regex-gener (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3236b2ded0bd62e3958fa1c6257142248c46b75e64cdd0a90edd82ffba869335 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-11741 Malicious code in useregent-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0c8bbc66c2a8384b2a35340f4e3204351fbeb78d88a11bec270f8e3e52b5636 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

Malicious code in user-gen-agent-random (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 22f729ba6b5abecacd2d94214cf0075ac0729fb59d4e9cc1cf6287a2bf6e2ab6 Inside the library there is a part running code hidden in the attached image, which then exfiltrate user-provided data, downloads and install next stage code,...

MAL-2024-9266 Malicious code in innostage (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 ec433c9a241ed7127dc5d6f55b002e94a2407ddd47000e50355f118536e9021e When imported, the package download and runs a remote stage - a reverse shell. To mas...

MAL-2024-9269 Malicious code in posi (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9eff1140edfe020fe3ef5905579f5e5d74a8cd0638332576041513ce894eb27e When imported, the package download and runs a remote stage - a reverse shell. To mas...

MAL-2024-9267 Malicious code in innostage-group (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9d0f2f6104de4772268a20f51e009797c0c4b0740d18d98d730417fdafdfb052 When imported, the package download and runs a remote stage - a reverse shell. To mas...

MAL-2024-9268 Malicious code in maxpatrol (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 e7b0664f3eb50be717290db2d08e1be4a3dcbce029ad58fae9cffb04f09a51c1 When imported, the package download and runs a remote stage - a reverse shell. To mas...

MAL-2024-11736 Malicious code in upllib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6207428c93f872f851e291726fc7a7384f9226b903c01a5a3f1545f82d66bf0b When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...

MAL-2024-11584 Malicious code in exflibrary (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95deb938eb8fd38976a38faf2fd2117318966fc829c080f35d6d999ff37d1236 When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...

MAL-2024-11522 Malicious code in alfooou (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bb42c1e46cc4a000429770c7e316646bab8170a9f1191e3f196a4f05a65605f Running the module triggers obfuscated code that downloads a DLL containing reverse shell and injects it to a benign process. --- Category: MALICIOUS - The...

MAL-2024-11744 Malicious code in viplotlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2613f1ba2960b7e0358efd0c3e8cf7977619c4c21f485a57bc5244e063cdf1db Running the module triggers obfuscated code that downloads a DLL containing reverse shell and injects it to a benign process. --- Category: MALICIOUS - The...

MAL-2024-11712 Malicious code in spider-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aaeb144e288d0288f6013d64f0e9e57164e5c3eded3924fd2282577b59c28f1a Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is...

MAL-2024-11728 Malicious code in titan-osint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e8dccaf6be8892f2b8871e634607d1dafc9fbb2b5855156959c454b07ab184aa osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index PyPI repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust...

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery…...

MAL-2024-9067 Malicious code in website-scanner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bab4a414e51f614858ff935138ccb2632b0ba1801566c398a699e692715ccaae The obfuscated code in setup.py on installation collects information about the system all possible about hardware, available resources, IP, names, etc. and sen...

Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters

The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs ‘game hacks’ to get ahead. Although some of these programs offer legitimate game boosts, malicious actors frequently leverage these game hackers’ interest in modifications to deliver...

MAL-2024-11560 Malicious code in colotama (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa7312f48aedc863c1eb3377178692b7cb1fe1503114d3cbc6cdc97572b9a6c0 The pyprettifier library has a feature to send out the user home path throuh the logger. It's attached to the init of EmojiConverter class. Other related...