MAL-2026-5338 Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6945b0bfcf3be9438852411527a75d1275367ca7a34ea4a28793e6e0c6258ccb During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6945b0bfcf3be9438852411527a75d1275367ca7a34ea4a28793e6e0c6258ccb During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

MAL-2026-5336 Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

MAL-2026-5337 Malicious code in solana-web3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Malicious code in solana-web3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Malicious code in spl-token-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

MAL-2026-5339 Malicious code in spl-token-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Malicious code in openai-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7597f40e5a7af25ae5f07e34310df24ac3284b9e0cadcb013a9c155384e9100 Typosquatting package published from a compromised account with an embedded infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...

MAL-2026-5320 Malicious code in openai-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7597f40e5a7af25ae5f07e34310df24ac3284b9e0cadcb013a9c155384e9100 Typosquatting package published from a compromised account with an embedded infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...

MAL-2026-5326 Malicious code in tiktoken-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9be15ab63daf09fd0949c09ea93f0d014aa6886b071ecc5a1af0dc4546d5a2a Typosquatting package published from a compromised account with an embedded infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...

MAL-2026-5305 Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

Malicious code in rlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baacd735e23c83962845507427fa53c89bdc2e8e0456dbbce6f00a91bf4fe002 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

MAL-2026-5303 Malicious code in rlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baacd735e23c83962845507427fa53c89bdc2e8e0456dbbce6f00a91bf4fe002 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

MAL-2026-5304 Malicious code in rsquests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

MAL-2026-5302 Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2d6b794431c52ef6b905eb676d70274a792cbca1b266a3405734a7a900860b Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2d6b794431c52ef6b905eb676d70274a792cbca1b266a3405734a7a900860b Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

MAL-2026-5322 Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...