Malicious Package

Overview @car-loans/gus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @cloudplatform-single-spa/magic-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview @cloudplatform-single-spa/postgre is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

MAL-2026-4271 Malicious code in data-pipeline-check (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ca0e77c4eda50057aa04c615897f067ee866d02fc1e2fe65cdbb263d3081e8 On import pipelinecheck, the package spawns a daemon thread that, after a random 3-15 second delay, walks /.ssh, /.aws, /.ethereum, /.config, /.docke...

MAL-2025-191841 Malicious code in python-rootpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and import a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...

MAL-2025-191833 Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

Malicious code in innostage (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 ec433c9a241ed7127dc5d6f55b002e94a2407ddd47000e50355f118536e9021e When imported, the package download and runs a remote stage - a reverse shell. To mas...

Malicious Package

sj-labc is a malicious package that downloads a script which opens a reverse shell...

Malicious Package

sj-tw-sec is a malicious package that downloads and runs a script that opens a reverse shell in the system...