MAL-2026-2665 Malicious code in hive-os-settings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27052e523741d1d8f29aaadcd3735affbdeaa919d6fad2d0ff01ce878d6e5637 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-2299 Malicious code in mnemoniclib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c88fa4e30e2437fef5f03db434adb0f34ee48d8bec2d3361d123b10086b28772 Clone of a legitimate library with added malicious code that runs during generating a new mnemonic. The malicious code collects data related to cryptocurrency...

Malicious code in requests-testik111 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72561775d8d7a7c1e47c83f2a7e13ed9eeb776d05ca6924cfcceaca7cad0cfef Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-2233 Malicious code in lightmock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a3c7924362f935b55a808e1ede8ffea2dbc96326b853dc00d7ede36c002ff63c Clone of a legitimate package. During import, heavily obfuscate code downloads next stages and finally exfiltrates sensitive data, including data from web...

Malicious code in robloxapi-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

MAL-2026-1496 Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

MAL-2026-610 Malicious code in snapshot-date (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in smtrlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c1075f7c4373ccaac9936bfd75a22a27f0c9ba06a5402a68a45fe8121f58783 Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

MAL-2025-191782 Malicious code in loggerex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7a27ca3e673f54a1e041d55e84b8a0e871239df2331c9a3fd1dbe20d1fa86f56 It's a clone of "loguru" package which on import loads a second-stage script from loguru.guru. This makes a few checks and downloads the next stage, which is a...

Malicious code in fastertelethon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ccfc281c2541df7e1354e6de8c64624fdc75dcc229d33962b171b0a95087edf Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

Malicious code in time-check-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5da6618a6f04ceb52acd56bc78e318cb7fbffa07ef3acc041729afe52428c44 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191871 Malicious code in snapshot-photo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61ed09e2fa2143dedd945c585d917ad8d7b55d7118e5093430b48c5c02d126f8 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191687 Malicious code in awscloud-clients-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e27bf5713a8bafdbcc34c43b98cc4d5e9c5d03e4952f788b12ff9749081b22d2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...