10271 matches found
MAL-2025-6461 Malicious code in bavard-ml-common (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6429 Malicious code in aistac-foundation (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-191689 Malicious code in backtradingbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Malicious code in backtradingbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
MAL-2025-6787 Malicious code in flatfox-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1abb243ceb7b5b94ca2f950d7cf27838ad4c22bc9771a0ea878af5497bfebf2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index PyPI repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "PyPI Email verification" that are sent...
Malicious code in hello-from-shiphero (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00eb05ac59ee167606a053bd1ac9f705de178f9a576e6fe78bae415d599157b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191821 Malicious code in prof-qux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b87af8d8f13bd43c1cf3490ea551b8d60fe05a482875597ef2fe5d2c200ca19 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...
MAL-2025-6010 Malicious code in ruamel-poc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1381375ccfff8dc10b3416284ac4a9a91c69bb2d5e7b652a2df24a64f4c5d512 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6548 Malicious code in memorylib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be3ea3afb3553f67411c8bebff9d99282169997e212b5ee1dd14505d1612d551 Installing the package triggers a code that looks like downloading a picture, but in fact downloads and starts an executable with malware. Note that file...
MAL-2025-6549 Malicious code in memtools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fafb3bba871c43e80681f3c9f4618ec7547fe2295b120eb93adf31a59bf021f3 Installing the package triggers a code that looks like downloading a picture, but in fact downloads and starts an executable with malware. Note that file...
MAL-2025-6614 Malicious code in vramx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62a5bfc96a523ea6df6a2539bea5f16b48800c1896ef7fb2df344ed0486e6a49 Installing the package triggers a code that looks like downloading a picture, but in fact downloads and starts an executable with malware. Note that file...
MAL-2025-6538 Malicious code in logghelper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2a5f0848002e1727d885bdf20c39e4949fd9609a4df5164a8c42ccc870aa6736 Code attempts to download and run malware, as well as keeps ability to execute files sent via Telegram C2 channel --- Category: MALICIOUS - The campaign has...
MAL-2025-6527 Malicious code in iscc-flag (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb80cd1cd16dd0ba2beb2e560000380b1eb3cb60d947ed49d5ce9bfb4b12008f Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-anku2-rce Reasons...
MAL-2025-6432 Malicious code in anku1-rce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 49fbe573576f7a8b2de883e6b11d60e3df40ffb8db7d62ba7f5d76a06ef4900c Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-anku2-rce Reasons...
MAL-2025-6487 Malicious code in crto0 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bdcf6d997fa4676ca2da647171f21e944f9b7d0f34010e6ea8da42364a2d03d Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...
MAL-2025-5847 Malicious code in vtk-osmesa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 910e787804512eabe1c118f5347fed9f57ca936717e18a80d26622108d75399e During the installation, sensitive information are exfiltrated incl. env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-193014 Malicious code in cas-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
MAL-2025-6492 Malicious code in dbnodeindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ca31ed82ece767a66ae60f44cfb3e36aa54f84e952217e36376f6519ac1f777 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6522 Malicious code in httppack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d66d0c3948eb48c93a56872d2a149edfcc65ae57178e7d7a51405ef755880939 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...