Malicious code in polydata-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a Package self-describes as a Polymarket market-data analytics tool but ships a Windows clipboard monitor src/polymarketdatafetcher/clipper/winclip.py...

Malicious code in trickery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...

MAL-2026-3246 Malicious code in win-update-helper-tool-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 251972769752a77d15c86627fe078560c49ce79a47bcc4542128386eb5362342 If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

MAL-2026-1091 Malicious code in myproject-bola (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...

MAL-2026-811 Malicious code in grokwrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2 During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry...

Malicious code in lium-4-96 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f30524e8a9ff2b7c5b43b57ea582beeba9d8f94da4097ecd572d26b4177e6626 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

MAL-2026-52 Malicious code in celium-collateral-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adea9a91926d593420b0d9d07dd66bc5656bb42bf3735074a3f33533800a79dc This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

MAL-2025-191830 Malicious code in pulsecord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 025d4e33a2037fb9ad36cb4b08b122e4439bb4932b73ac6c6f403609e7e1c09e This package is prepared for silent execution of a malicious executable, with disabling AV protection. While there is no link to the malicious binary inside, t...

Malicious code in multithreadedexecution (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09 Once run, package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-191718 Malicious code in discord-selfsbotsx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b56aa48c0654abd06a9d624b8c1b5ab4ce170399068d97b994bb4d63635bf18a Once run, package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-191689 Malicious code in backtradingbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...

Malicious code in telepycore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dcd0a2a8162a703ef9d7b90566e4c55116a7f4f4d3b8759ca0d2640acd4ee4 Package can only be used requires additional triggering to install a remote executable, ensure it starts on logon and name mimic network service. Though...

Malicious code in requesr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

MAL-2024-12338 Malicious code in requesr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...