Malicious code in graphicctx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8867133b18f35132bf0096bdbd5d1891e87f8a07bbba09f6dffe21c8b048596e Packages in this campaign are used to exfiltrate data from users installing code from prepared Github repositories. Packages contain code to exfiltrate files...

MAL-2026-3219 Malicious code in tns-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 186bfba0931ba063bd6e71325785b97c646cbfaaf91c4dca876653673d29c0cc Package is prepared to exfiltrate environmental variables. The wording used clearly states it's part of a campaign targeting cryptocurrency users via malicious...

Malicious code in chalk-fancy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-901 Malicious code in platforms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 152f27ebcd7a8c662ffcbfe69086e0a50e71f73993bc7d97ce3bb67896c8a4dc During importing, the code automatically starts a Telegram bot designed to download and save files locally upon a specific message in the channel. While this...

Malicious code in python-tg-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2 During importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials. --- Category: MALICIOUS - The campaign has clearly...

MAL-2025-191797 Malicious code in multis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d8dd7fcb7e4ce42262ad3ce89ed580a46e9a2f979c4e2c9db668fb374ae452b8 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...