MAL-2026-3411 Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...

MAL-2026-3384 Malicious code in web3-connect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1395358346670699250fafa1cb824e59ce1d8265d21b6c80c5033f572349265f Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

MAL-2026-3148 Malicious code in amazon-boto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 649bb559f3078565515a9fee16dbe78e0d1b5575943cbaf020135f8e70e2f17d When using the package, the given AWS credentials are silently exfiltrated to a hardcoded location. This incarnation of the long-running campaign was first...

MAL-2026-3142 Malicious code in timemcp-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e125c901115c73a3467acea1300ccc14f718459dbf54ad11a8baf7c39cc03d9 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

MAL-2026-3139 Malicious code in robase-start (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3133 Malicious code in fetchapi-syncdata-pypi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49 The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

Malicious code in fetchapi-syncdata-pypi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49 The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

MAL-2026-3105 Malicious code in mypypipkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...

MAL-2026-3091 Malicious code in bytedfaas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e2decd402442fba2d4ebd7637b596a33ef132120ffe4f3a8b5d2d6ce8475e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3084 Malicious code in byteclaw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3fe21c4a32b814a0b46b75a26033bae1f40e1caa237e394842aff14639b7aaec Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +1329 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=0.0.1 <=1.1.1)

langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =0.1.0, =0.1.0, =1.0.0rc1, =2.6.1 and more Source cves: CVE-2026-41481 Source advisory: OSV:PYSEC-2026-77...

Malicious code in test-pkg-jie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc409f90d96c576263a60bd95ab30260b973097425292cdd53999e49cb3c4011 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-2843 Malicious code in shan-lib-poc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6c2f4a0560b1811eba11c9fd304f7441ab7e04f4e569e01bdfe06aba6722edb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2840 Malicious code in sher-server-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e83ee8187475c07ed6ea406a698e3f9d3c55efec8e689ba0c110a6ee2ce1012b Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +1329 more potentially affected by CVE-2026-41481 via langchain-text-splitters (>=0.0.1 <=1.1.1)

langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =0.1.0, =0.1.0, =1.0.0rc1, =2.6.1 and more Source cves: CVE-2026-41481 Source advisory: OSV:GHSA-FV5P-P927-QMXR...

Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2811 Malicious code in requests-test-test3 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2561 Malicious code in robase-help (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b83143e22b0a815d6a2702f547ae9f4620ee086c8b9360a0d60ff2ed2186d56b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...