10272 matches found
MAL-2024-11568 Malicious code in cryptograohy (PyPI)
Source: kam193 67095679f8af3205e005b17a996da2ba17789715d7c66e4fcf31d8c387b85c00 The pyprettifier library has a feature to send out the user home path through the logger. It's attached to the init of EmojiConverter class. Other related...
MAL-2024-11535 Malicious code in bibit (PyPI)
Source: kam193 e944b3bd6b920bf1cfd786ed25cc65b504bd5701203981a460a9c162a0fc282d When running the module, this package attempts - depending on the version - to exfiltrate user files, a screenshot, or crypto wallets data 8.1.4. Later continu...
MAL-2024-9022 Malicious code in saywh11222 (PyPI)
Source: ossf-package-analysis 66e2b9f8537aaebeea0768739ff431e4fe4c8dc5ea9bab0d191d6f555384b25f The OpenSSF Package Analysis project identified 'saywh11222' @ 0.0.1 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-9005 Malicious code in saywh222 (PyPI)
Source: ossf-package-analysis 776c407a0a9a3c3b242d222e9b22ada03db555fd91538182fdc5d059b1ddcae7 The OpenSSF Package Analysis project identified 'saywh222' @ 0.0.1 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-9002 Malicious code in saywhu (PyPI)
Source: ossf-package-analysis 67dc65eeb23101b56981a723f315b344ac7ba4773b9a712f82009fbccea7b430 The OpenSSF Package Analysis project identified 'saywhu' @ 0.0.1 pypi as malicious. It is considered malicious because: - The package communicat...
MAL-2024-11716 Malicious code in sunrequests (PyPI)
Source: kam193 314b140727c2d65586134b9e2722bdbba66be25e0f391d1b886cc08824783c63 Running the module starts an infostealer attempting to exfiltrate credentials from web browsers --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2024-8946 Malicious code in rcebymrx (PyPI)
Source: kam193 65ddcbfb52d8c96bb51c713d62841675f75e9e5225efc9380917c6cf79bed8ab When importing the module, the /etc/passwd file is exfiltrated --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...
MAL-2024-11732 Malicious code in torhc (PyPI)
Source: kam193 385cb451ed567a10096fce231790d6a9bce59bb47c8d7bdfff5a8f4aaa0854ed During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11705 Malicious code in setuptolos (PyPI)
Source: kam193 89f6c10eb8edc13e9f46c33bba334822fbb3693527f3fc89714bd86adc3be1af During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11540 Malicious code in botoceor (PyPI)
Source: kam193 8bf39054053dfe99fc83c836bb407659d11241cc09f2572a72524d980b9c5914 During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-9944 Malicious code in asciidrawing (PyPI)
Source: kam193 633d53a1b6bcde673f71f2788cc6c268f7eef20552eb7a0dc3f533f6a9a7ad12 During installation, a Discord webhook is used to exfiltrate basic data. The package seems to attempt impersonating the "asciidraw" package some files and...
MAL-2024-11657 Malicious code in pdf2doc (PyPI)
Source: kam193 ae55659200290f97e3d07c41d49af574eb14ad3dc5913535e8d100cf2c48dd58 During installation, the code attempts to exfiltrate basic data (username, host name) and send it to the attacker. The package looks to be a clone of an existing on...
Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable...
MAL-2024-10035 Malicious code in hyperreq (PyPI)
Source: kam193 a4662a05cce5bc61521e977b78c1abdb16ecaed027888309aa86ebf22166222b Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-hyperreq...
MAL-2024-9962 Malicious code in colorbytes (PyPI)
Source: kam193 aa4677648d784f5460e80091c656719fc082e6ed9028940b407c97b0e78ff008 Extremely obfuscated code starts when importing the module, and then downloads the next stages and configuration from pastebin. They include a whole range of...
Malicious code in coffin-codes-net2 (PyPI)
Source: kam193 694b0573155beac08991f19b534c13e193d82c520d5d0fd8c6733daf1de774ce So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...
MAL-2024-12243 Malicious code in coffin-codes-pro (PyPI)
Source: kam193 fa99dd73d11cc6b2756fb43cff1eb16f5f80b4ffd436dbfd635b8417f821c7ba So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...
MAL-2024-12245 Malicious code in coffin2022 (PyPI)
Source: kam193 2f875ec44c758a726a21474b433c8f43af3d2ee96a3bdcca60f75288316b95ae So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...
MAL-2024-12241 Malicious code in coffin-codes-net (PyPI)
Source: kam193 df624a59b2cb5ef5cf295a7e63718bf7938250f59c5cda19bb6f43c40824e99b So far, it looks like a legit tunneling software, but in tcp.py there is an attempt to send a strange email using gmail. Update: Identified as malicious by...
MAL-2024-9952 Malicious code in browser-cookies3 (PyPI)
Source: kam193 ac253e47b0fa143074f6239c3c84b3ecd3521d37f71c4f92937f53cafc5067b5 Package contains a compiled infostealer that is started instead of promised functionality --- Category: MALICIOUS - The campaign has clearly malicious intent,...