9169 matches found
aiocpa 0.1.13 contains credential harvesting code
aiocpa is a user-facing library for generating color gradients of text.Version 0.1.13 introduced obfuscated, malicious code targetingCrypto Pay users, forwarding client credentials to a remote Telegram bot.All versions have been removed from PyPI...
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot
The administrators of the Python Package Index PyPI repository have quarantined the package "aiocpa " following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The...
Malicious code in newpipv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 54fac2a807bae6742d82c86f55d97a1b4a810e42ee3b0b9dcb0c981c36ab712d The OpenSSF Package Analysis project identified 'newpipv3' @ 0.1.0 pypi as malicious. It is considered malicious because: - The package...
PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index PyPI repository that impersonated popular artificial intelligence AI models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named...
Malicious code in zebo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27f62f0f9a2a11b03c5bbead202d9f5d58ca471041e3115eb67dd88accc22be4 Package automatically installs a script with keylogger and screenshots extraction, and sets it for an autostart. --- Category: MALICIOUS - The campaign has...
MAL-2024-11751 Malicious code in zebo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27f62f0f9a2a11b03c5bbead202d9f5d58ca471041e3115eb67dd88accc22be4 Package automatically installs a script with keylogger and screenshots extraction, and sets it for an autostart. --- Category: MALICIOUS - The campaign has...
Malicious code in pycalculater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84e239de4d2d6d9652a78ead4c1ebb6b3f4952aeb54dc51dc30765eaaf806368 During installation, a remote, obfuscated executable is downloaded and started. The executable at least disables automated updates, malware protection and othe...
Malicious code in discconnect (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd96a216a1790b73568af638b97003c7abd1f502c962137cd1084fb48ebcca64 During installation, a remote, obfuscated executable is downloaded and started. The executable at least disables automated updates, malware protection and othe...
MAL-2024-11668 Malicious code in pycalculater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84e239de4d2d6d9652a78ead4c1ebb6b3f4952aeb54dc51dc30765eaaf806368 During installation, a remote, obfuscated executable is downloaded and started. The executable at least disables automated updates, malware protection and othe...
MAL-2024-11576 Malicious code in discconnect (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd96a216a1790b73568af638b97003c7abd1f502c962137cd1084fb48ebcca64 During installation, a remote, obfuscated executable is downloaded and started. The executable at least disables automated updates, malware protection and othe...
Malicious code in reverse4343 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a90c21a3dc6b4091f1ccd6f17c99b1ec955954d2b78e93029e63c33f12ed3c7d The package contains only a reverse shell started on installation --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11694 Malicious code in reverse434343 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9107d563a329f12fdff39bb22f6d6593f6d005d38f9738c2d3a78c94ee368262 The package contains only a reverse shell started on installation --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in reverse434343 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9107d563a329f12fdff39bb22f6d6593f6d005d38f9738c2d3a78c94ee368262 The package contains only a reverse shell started on installation --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11582 Malicious code in eosio-signer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 647b75de784ff7b23edb8a5b76d1a017b02d1fd719c6a5a92587fa8d89c25abf Installing the package exfiltrates basic data about the system --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...
Malicious code in tingetone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 014c881ede6ff27565f1de4842b4f7c10162a2daa47c98a4470188571a60639f Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone a one of existing simila...
MAL-2024-11727 Malicious code in tingetone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 014c881ede6ff27565f1de4842b4f7c10162a2daa47c98a4470188571a60639f Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone a one of existing simila...
Malicious code in asn1tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f9270a5372d17332c32e8824c44dab167a1f2a78ebc5a204e090ac4487a0f31 Package clones a legitimate package. In the call to check the current version, the obfuscated remote code is downloaded and executed. It appears to be an...
MAL-2024-11530 Malicious code in asn1tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f9270a5372d17332c32e8824c44dab167a1f2a78ebc5a204e090ac4487a0f31 Package clones a legitimate package. In the call to check the current version, the obfuscated remote code is downloaded and executed. It appears to be an...
Malicious code in huggingleg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 15016c2674d699af66ab871a07440b7fbd48d3ee267381ff8eb36ef1436df2c0 Package use a name similar to a known service and automatically attempt do download and run a remote executable. --- Category: MALICIOUS - The campaign has...
MAL-2024-11611 Malicious code in huggingleg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 15016c2674d699af66ab871a07440b7fbd48d3ee267381ff8eb36ef1436df2c0 Package use a name similar to a known service and automatically attempt do download and run a remote executable. --- Category: MALICIOUS - The campaign has...