5 matches found
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
GHSA-4F84-67CV-QRV3 A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able toupload a malicious version 1.1.5.post1 of the dydx-v4-client package.This version contains a highly obfuscated multi-stage loaderthat ultimately executes malicious code on the host system.While the final payload is not visible because ...
dydx-trading-sdk (>=0.1.1 <=0.1.5), locast (>=0.1.0 <=0.1.9) +1 more potentially affected by unknown CVE via dydx-v4-client (=1.1.6)
dydx-v4-client PYPI version =1.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on dydx-v4-client and may be impacted: - dydx-trading-sdk =0.1.1, =0.1.0, =0.1.1, =1.0.7 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DYDXV4CLIENT-15244902...
Embedded Malicious Code
Overview dydx-v4-client is a malicious package. Versions of this package were compromised with malicious scripts in core registry files. Remediation Avoid using all malicious instances of the dydx-v4-client package. Credit: Kush Pandya...