10271 matches found
Malicious code in package-346234294 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2025-5837 Malicious code in test-package-avinav (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db665678ac908b6f9aa76ef069759ebd70b62c901a6f840b765ba7cac299c423 During installation, a heavily obfuscated code is executed. Exact behaviour unclear --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-6513 Malicious code in gramapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea The code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
MAL-2025-6569 Malicious code in puregram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bd190edcbb3734a8578c4e0c5dbd9655bc59613d53e67bfd04b3604cf1aa328 The code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
MAL-2025-6610 Malicious code in tronpyapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3937a7f13d0db04c75985a870ed1eec73aaaff23ce5c45d9fcb64a239576cfc7 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MAL-2025-6491 Malicious code in dbindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7728e8fd1f3038b080b037908fea583383e6418d0aeb819e4b41b2b812b0b9d4 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6558 Malicious code in node-db-indicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7c9a18fe9ea04133e7de33313046092ffb5e8ccef6c1bf5f44e9b6d5e3835aa2 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6621 Malicious code in web3toolkit-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bdfcb6d5feffbd89fd13ed27d03b0bf7c14970f09ceeb202f8b36703fec6e907 Code monitors the clipboard and when detects a cryptocurrency wallet, attempts to overwrite it with the own address. --- Category: MALICIOUS - The campaign has...
MAL-2025-6488 Malicious code in cryptob (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0ee1f01fb1d9fe3ac1d88bec06c858d0c3e33f2531e7ca1afb30177f0b85e84 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
MAL-2025-6489 Malicious code in cryptoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f63e4b5c515be094f240f956e15464da0258bdd6948006f25419be60138b4764 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
MAL-2025-6604 Malicious code in tq95 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 abb1e0b01bcc48bdbb798a617be723bf433722a7bede307de21214a92d569949 Importing the module starts an infostealer exfiltrating browser data, passwords, crypto wallets and implants a Discord stealer. --- Category: MALICIOUS - The...
MAL-2025-6478 Malicious code in cloudscrapersafe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2420d6a750823b640af4d97d3a2a26383ce9e32d3ac266e4792675e8beb9b806 During processing the user requests, the package looks for URLs related to checkouts using services: - credomatic.compassmerchantsolutions.com -...
MAL-2025-191764 Malicious code in imad213tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2cddffd96538ab03979aa6404e3c946258e49677220c4820f3a8f0972b31cb17 Encrypted code offering massive sending Instagram followers. 1 besides of using some shady services to achieve the goal, it also exfiltrates saved Instagram...
MAL-2025-6565 Malicious code in pipmodule83 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95b01ea01a7fd1ff5e52491e6b143aa98f45a6f331814222fe38e76ad3ac0863 If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...
MAL-2025-6564 Malicious code in pipmodule823 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57b078ffca6f219848df2289282933442be06a2932d0d163ede59fe4a533faca If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...
MAL-2025-6543 Malicious code in malimalooo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 68fa420b0a99cf34a9226a9deb8781219fd54964c91f41a41d2867063a365c32 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-6541 Malicious code in malimalo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b4acdcbd7f8ae1e20019b3c0126a4b5bac73cb07a6bc4c0c3a024bc2a390b34 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-5656 Malicious code in malinssx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec1d3e0940a3c37917b528689547d3728f9f3d0b9e408acc7dcc67435c09d2b0 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-5654 Malicious code in malicus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d151385056670ff22bfb80dc356c10ff622a77e115f8d81ee5f066220e05fda1 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-5655 Malicious code in maliinn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dea697dc03b11e99e6895070c9fa053b8db92510a03201f9545dcb25bd373199 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...