17 matches found
MAL-2026-5305 Malicious code in tlask (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...
Malicious code in ufish (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...
MAL-2026-5281 Malicious code in executor-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The.pth fi...
MAL-2026-5319 Malicious code in mem8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d2fc000f15b66037b67d503cef346f32d400b0cc704417b28ff6c559c9924d8f Versions 6.0.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in ensmallen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a05cd4ff9f8142405c5672f1ffa54d575165f6bc2b0f5324c9bfacf75e651de8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in executor-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fee580000475783e657a2e66ca6a4a4bd4369aa0bc9f87152b003dca6f34848 executor-engine 0.3.4 ships a malicious site-packages.pth file executorengine-setup.pth that Python's site initialization auto-executes on every...
Malicious code in phenopacket-store-toolkit (PyPI)
The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...
Malicious code in embiggen (PyPI)
The package embiggen version 0.11.97 contains a malicious .pth file embiggen-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release page, then runs an obfuscated...
Malicious code in okite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc7d54b0e30e24367551e3f19ab7387cf397cf9e1b5889c9f04ff871c771c38 The package installs okite-setup.pth, which Python auto-loads on every interpreter start. The.pth file contains a one-line obfuscated exec of a strin...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in sf-vmeval-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...
Malicious code in fwk-amigapython-amigamlserver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d6f09429b123469b1fc83ceb4af35c595ff4b6e2631552fc857922ca921c4c5 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious Package
Overview n8n-nodes-danev-test-project is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...
Malicious Package
Overview n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of...
MAL-2025-191861 Malicious code in s3transfer-sl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1cc7c88223c47e4c3ceecc6fe73d05c1cbb505061a009f8ae5caf37086a2e09 During installation, the package attempts to exfiltrate env variables and tokens from Azure metadata API. It's a malicious clon of s3transfer --- Category:...