93 matches found
Malicious code in gigl-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in intel-ai-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bafa4e952ec2e2db6e164f8bf385088c38438396f02f8096c28a6105878e729 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5775 Malicious code in ckanext-dms (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5589 Malicious code in 0x2ai-demo2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ee2445b2f0b01d2457cf45c188b310f58c98f3b676032f9c6213469f071239 On npm install, scripts/postinstall.cjs recursively copies the bundled payload/ directory into INITCWD the developer's project root via fs.cpSync. Th...
Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...
Malicious code in getd-pantallas-cliente (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...
Malicious code in fia-signals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b61c6fe7ba81fd99de703bc1c00e0a93b2809363abfbf12b79fd9905830f2b54 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in wallet-agent-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb49d047eeab68307095cf3a30ff0d42d745855890f181e4cb53dc2f6903e91 dist/agent.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org used in a fetch/POST call near references to process.env. The...
MAL-2026-4360 Malicious code in @aledan007/tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439 The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...
Malicious Package
Overview knot-rspec-formatter-json is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...
MAL-2026-3251 Malicious code in puan31 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...
Malicious code in aocl-sparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f6149e96819a7800ef567eb459fdf9fc6cfc6ba1e6458c8e29e3aa7a50a8968 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bbranger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9cb5c90bcde5bf7b63607d4bf5e7be1ccb7b5c9eb2eb92e32dab102be5df3687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in coinmate-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8d1f75669f5e0386a83dad52d569b6711645921989cf520b3b15c59ec26424 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedecs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6453b603ad8bfd1ff4463c1bd86e1930757b08239ec949b01fbc95ca0c5486a6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3093 Malicious code in bytedmlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 747ac5ba3db3b0d1cc24dcec3ffa5c068394edf57bf11d5f28b03526a4eda95d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3091 Malicious code in bytedfaas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e2decd402442fba2d4ebd7637b596a33ef132120ffe4f3a8b5d2d6ce8475e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3094 Malicious code in bytedpgsql (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 645f636a2360d86d320bbf691de6457d8df8a7e066fa3fce10b8a85f8576a7a2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2836 Malicious code in restasv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...