59 matches found
Malicious code in easyllmai (PyPI)
Source: amazon-inspector (4589bbb71e0bb3589a162bf2102bba5e8bf7124d3988235647d1e3c1d01821d0). During pip install, setup.py performs an unauthenticated HTTP fetch of https://pastebin.com/raw/yBcUM1QB, takes the first line of the response, and...
Malicious code in telegramlite (PyPI)
Source: kam193 (be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd). Package exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions. Category: MALICIOUS - The campaign h...
Malicious code in xfoofoox (PyPI)
Source: kam193 (94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14). During import, the package starts a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in solana-cli-py (PyPI)
Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd). On import solanaclipy, the package's top-level __init__.py unconditionally invokes report, which harvests standard developer-side secret material and POS...
Malicious code in solana-web3 (PyPI)
Source: amazon-inspector (4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2). On import, solana-web3/__init__.py executes a credential-stealer payload. After a sandbox-evasion gate checks for 12-hex Docker hostname, /.dockerenv, an...
Malicious code in anthropy (PyPI)
Source: amazon-inspector (8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2). The package anthropy is a one-character typosquat of the legitimate anthropic PyPI SDK. The sole module anthropy.py executes a classic Python reverse...
Malicious code in modulebuild3240234t (PyPI)
Source: kam193 (4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287). The package contains an infostealer targeting the Roblox ecosystem. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-5029 Malicious code in modulebuild3240234t (PyPI)
Source: kam193 (4d5962bd4c41d59c276f1fa132030098e557dee6bfe0b0a368a952f70d217287). The package contains an infostealer targeting the Roblox ecosystem. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in datapipe-util (PyPI)
Source: kam193 (74a9da1afe75ec2379c4bade6ac5145c920900e1a1e1173d59b9003061e3fb0f). The package intentionally uses the malicious binproto package deploying the malware. Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3664 Malicious code in workingitmehelpit (PyPI)
Source: kam193 (3e553fe0eea72dc43eab2696330acd6fbb3e4de8c95529eab6298411620c0c9f). Package installs malware identified as a backdoor or reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in crypto-bot-utils (PyPI)
Source: kam193 (3ece4ae851dba85751377f47097bd30525eafdcbf8cd08b57d2a06aa3a02b367). The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them. Category: MALICIOUS - Th...
Malicious code in solana-scanner (PyPI)
Source: kam193 (047a41b9a67bb975c2e98b31b5e13875569de5097f0b61bb5984e300687e03e3). The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them. Category: MALICIOUS - Th...
MAL-2026-3219 Malicious code in tns-py (PyPI)
Source: kam193 (186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc). Package is prepared to exfiltrate environment variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...
Malicious code in buffparser (PyPI)
Source: kam193 (5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8). Described as a utility for gaming, the code starts a reverse shell when using the exposed allegedly parsing function. Category: MALICIOUS - The campaign h...
MAL-2026-3139 Malicious code in robase-start (PyPI)
Source: kam193 (827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e). During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in fetchapi-syncdata-pypi (PyPI)
Source: kam193 (d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49). The package contains code to download and start a malicious executable. It masquerades using a name similar to Windows services. In analyzed versions, the code...
MAL-2026-3100 Malicious code in fetch-data-api-syncapi (PyPI)
Source: kam193 (dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d). The package contains code to download and start a malicious executable. It masquerades using a name similar to Windows services. In analyzed versions, the code...
Malicious code in robase-gui (PyPI)
Source: kam193 (ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e). During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3044 Malicious code in quicksolving (PyPI)
Source: kam193 (334524bfbf6438acc5016e76054740cdb532bdd9921695cbcc1852c568226708). During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in rosolver (PyPI)
Source: kam193 (0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc). During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...