MAL-2026-5840 Malicious code in testpackagemanyhttpsgo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...

MAL-2026-5773 Malicious code in generatellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31201af7035560c0798b46e67a374b9526a7e8ed2f856235e5eb0438d1a8d080 GenerateLLM 2.23 is a hollow PyPI package placeholder metadata, no functional code under src/, only an egg-info directory whose entire payload is an...

Malicious code in terminalbrush (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 35e06fb41f9c1a4f082cf49a72dec89fc5b4d2f6580b97e527d291d50807b801 Package downloads an executable, places it distinguished as a Python binary and starts it. At the time of analysis, the URL was no longer active, so it was not...

Malicious code in selenium-stealth-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7721bb039c55a43bd1dc81dfad14494df158912f9dda006a67881ce54be64d3 During importing, a malicious executable is being downloaded and started. According to sandbox report, the executable is an infostealer of rhadamanthys family...