9169 matches found
Malicious code in memorylib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be3ea3afb3553f67411c8bebff9d99282169997e212b5ee1dd14505d1612d551 Installing the package triggers code that looks like it downloads a picture, but in fact downloads and starts an executable with malware. Note that file...
Malicious code in memtools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fafb3bba871c43e80681f3c9f4618ec7547fe2295b120eb93adf31a59bf021f3 Installing the package triggers code that looks like it downloads a picture, but in fact downloads and starts an executable with malware. Note that file...
Malicious code in vramx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62a5bfc96a523ea6df6a2539bea5f16b48800c1896ef7fb2df344ed0486e6a49 Installing the package triggers code that looks like it downloads a picture, but in fact downloads and starts an executable with malware. Note that file...
Malicious code in memlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a0d0e362d3ea9b768078a9e47f80c667acef799c7099f8044e74fd1738fdedb4 Installing the package triggers code that looks like it downloads a picture, but in fact downloads and starts an executable with malware. Note that file...
MAL-2025-6547 Malicious code in memlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a0d0e362d3ea9b768078a9e47f80c667acef799c7099f8044e74fd1738fdedb4 Installing the package triggers code that looks like it downloads a picture, but in fact downloads and starts an executable with malware. Note that file...
Malicious code in iscc-flag (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb80cd1cd16dd0ba2beb2e560000380b1eb3cb60d947ed49d5ce9bfb4b12008f Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-anku2-rce Reasons...
Malicious code in anku1-rce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 49fbe573576f7a8b2de883e6b11d60e3df40ffb8db7d62ba7f5d76a06ef4900c Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-anku2-rce Reasons...
MAL-2025-6433 Malicious code in anku2-rce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0fdfa7bc3195d177e4d6e3dcad16eb59cc436e2b4dc48230b0c088546086fe Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-anku2-rce Reasons...
Malicious code in crto0 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bdcf6d997fa4676ca2da647171f21e944f9b7d0f34010e6ea8da42364a2d03d Importing the module starts downloading or decrypting, and then executing, an executable that is widely recognized malware/infostealer of the Redline family --- Category...
Malicious code in crto5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a906f74f9672d68f42311985b67b1076e3b02caf14d8366b703d3331ff5897b Importing the module starts downloading or decrypting, and then executing, an executable that is widely recognized malware/infostealer of the Redline family --- Category...
Malicious code in cas-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
MAL-2025-6508 Malicious code in gateway-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33e0ce8e8a78a4b09b337e8d44727b1c6c268f192890d620881496df3b087f0b Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in dbnodeindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ca31ed82ece767a66ae60f44cfb3e36aa54f84e952217e36376f6519ac1f777 Code downloads and executes a remote script. At the time of analysis, the remote code just runs Notepad, so it is classified as pentest/research. --- Category...
MAL-2025-6486 Malicious code in crpt1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 32fcd21a633d14f2794d9038f21c5ba7ecb5178bdb7205e6b0a90e4fc87486b2 Importing the module starts downloading or decrypting, and then executing, an executable that is widely recognized malware/infostealer of the Redline family --- Category...
Malicious code in test-package-avinav (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db665678ac908b6f9aa76ef069759ebd70b62c901a6f840b765ba7cac299c423 During installation, heavily obfuscated code is executed. Exact behaviour unclear --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in gramapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea The code starts automatically, calls a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
Malicious code in puregram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bd190edcbb3734a8578c4e0c5dbd9655bc59613d53e67bfd04b3604cf1aa328 The code starts automatically, calls a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
Malicious code in tronpyapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3937a7f13d0db04c75985a870ed1eec73aaaff23ce5c45d9fcb64a239576cfc7 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in dbindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7728e8fd1f3038b080b037908fea583383e6418d0aeb819e4b41b2b812b0b9d4 Code downloads and executes a remote script. At the time of analysis, the remote code just runs Notepad, so it is classified as pentest/research. --- Category...
Malicious code in node-db-indicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7c9a18fe9ea04133e7de33313046092ffb5e8ccef6c1bf5f44e9b6d5e3835aa2 Code downloads and executes a remote script. At the time of analysis, the remote code just runs Notepad, so it is classified as pentest/research. --- Category...