Malicious code in btd-smart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ad22b27351879a89349a1232ee5abb46bc589399ea710b9769526a8080b3199 The package presents itself as a clone of juliangruber/balanced-match stolen author identity 'Julian Gruber ', verbatim README, identical API renamed...

MAL-2026-2963 Malicious code in typelimagic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans system for sensitive files, with the focus on crypto currency wallets, and exfiltrate them. Previous versio...

MAL-2026-2405 Malicious code in eht-account (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e1fa4f35985059ad18e3e325fc65e1d25a5692cc9690a4b15af2d76492b95fe Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...

Malicious code in ether-account (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e807b32b64c457df7e89ee3ba1e8e25fe779ccff08b1da00800b705ff833f42e Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...

Malicious code in hiveos-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6d040e58dddde324da836a19a41eb5c65698ef869ed3e534f662136f1fb48440 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-949 Malicious code in ethrpc-keys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f086c363123d21b52dc28b5a642db6c1eb84e01dc519995435476b19655d63a9 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

Malicious code in kingwork-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5f5651b094b6f22f4f79f533c24bb398eb10ed340bfccdcdc75fa5dcfc98b8bf The package contains the same code to deobfuscate code as in previous packages, but the malicious code itself is missing --- Category: MALICIOUS - The campaign...

Malicious code in loquru (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a98209ec0f506986521ebd7b24de4f266f6bb61aba50f2dc511c391f1037848b It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

Malicious code in nava-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74fb4caf6f9420831f8001a0382c3a357186529a0cf6e822e884eeaa90182ac3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-191724 Malicious code in fastgram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbc47050a01cdb07bbf87c6a6f47028545200c85d553a4952b686a705a6d7d3c Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

Malicious code in time-check-server-get (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25b39f6b89687636c8f9e90e3c326bcfb64ecbfa2594850247d4d2e9646b9257 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in alicloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6366aa8c2eff918da0f1cc2118a026e749592f71bebbe81215877575b9593c6a This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2024-12190 Malicious code in ansishade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c34f34cc1bdc60a4851d462f058187107a8c200d06ce08295d773f351fa1749a Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone a one of existing simila...

Command injection

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...