Malicious code in bonsaitree1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c35db41a5cf0a0671b33adf698777ebb63055a4f5ab3076bf3ed563a875cbb6 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...

MAL-2026-1350 Malicious code in falador (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d66c45b27d4ff7595d8a13a91515450c248dc50a6531199f0254bbd9d6440bb During installation or import, the package exfiltrates basic information in a dependency confusion attempt. The user identifies themselves as a HackerOne user...

Malicious code in cat-admin-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34286533490c9ad41743b1eea6659d9c4fd3e62d1a830658b90840f3c49a6c8c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

Malicious code in chia-pool-reference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 51f7e4eb8c8b82bd7c7514255d0eb51dddc657c4b06845232ad8490a514a139c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2026-654 Malicious code in zabitog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 23d4c7f55266f10f23ddf4a743bb4222b920c0e7f4472c1572a51831a3d1f247 Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...

MAL-2025-191766 Malicious code in inkpy-jinja (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c230bd12491edc91bbbc1080b2d650c4889a8b9269b85a346839a32900bfad2b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...

Malicious code in just-framework (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95cb11d9c49d15c2a3d932930ab9d4f1567e118bf2ed951ab313856878f88859 Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...

Malicious code in bytedps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89403fd14357b9969879ed80062b26ab63de5566bf285532ffa46382f1886e7c A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

Malicious code in byted-rtc-robot-api-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69373c46b5c735a1890c7a3b601ef30c64493d656302703ceccd4d153e3dab11 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...