33 matches found
Malicious code in sam-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...
Malicious code in pylogxo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...
MAL-2026-5679 Malicious code in pylogxo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbeee018f429f5a978b85aa3999c8e24251a85dc787b1e4fd673abcabf157800 On import pylogx, the package spawns a background thread that sleeps 5-20 seconds, force-installs sensitive third-party packages cryptography,...
Malicious code in discord-massban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1b535ff4283b14cd5d93b2e31a997d1c8abd7424e2aa48a993c19e5e7f6b2b3b Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-5099 Malicious code in discord-massban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1b535ff4283b14cd5d93b2e31a997d1c8abd7424e2aa48a993c19e5e7f6b2b3b Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in discord-ban (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in telethon-pro-safe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...
MAL-2026-4859 Malicious code in telethon-pro-safe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...
Fake software on GitHub and SourceForge distribute Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...
MAL-2026-3701 Malicious code in api-request-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...
MAL-2026-3660 Malicious code in numpy-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e0009e8bfad1a403632094f43e661b328b40a6f518db00b890712789e39734 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
MAL-2026-3659 Malicious code in rich-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
Malicious code in rich-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
MAL-2026-2233 Malicious code in lightmock (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a3c7924362f935b55a808e1ede8ffea2dbc96326b853dc00d7ede36c002ff63c Clone of a legitimate package. During import, heavily obfuscate code downloads next stages and finally exfiltrates sensitive data, including data from web...
MAL-2026-2141 Malicious code in corexloader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 02fc84ddadc717cbd2dc073832c3c9e438f82d2671927fa79be959fea7031304 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...
Malicious code in myproject-bola (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...
MAL-2026-1091 Malicious code in myproject-bola (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f85bf2df7a8a311b7140ca4086746ecf3c26b219843b96c1f9f8c22f505e7edc Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...
Malicious code in hairest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a47476109391081ac326c65a5624df44ba19f7e2597aaeffa47552a053e9773 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
“Sleeper” browser extensions woke up as spyware on 4 million devices
Researchers have unraveled a malware campaign that really did play the long game. After seven years of behaving normally, a set of browser extensions installed on roughly 4.3 million Chrome and Edge users’ devices suddenly went rogue. Now they can track what you browse and run malicious code insi...
MAL-2025-191860 Malicious code in rtcpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 75bd7b21b8b27920b63ff14b07b761f57e72da9866682e4e49bd569e660215fd Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...