MAL-2026-3364 Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in scraper-npm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5705e85e8288aeffbfe964329624dcbb5b2e30cebb0023da5b605ee5fb0aef4e During import, the package exfiltrates files especially .env and JSON and eventually configures a backdoor by adding its own SSH key to the authorizedkeys. ---...

MAL-2025-191884 Malicious code in tableausdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

Malicious code in ttat-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 171a49cab7c7b9f2c358c0e14882706dcd80cde089799698400155ee26240e80 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

Malicious code in advdef01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 44ffce32113cbe3c908fd584f4b02617cafcfecccc3cea1c4fc068021c4bfa7d Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages. --- Category: MALICIOUS - The campaign ha...