Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in icloud-recovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3639028f2f9d36c20b55c655b1d71bc053827f4703e7954b12a4ec3da8edd8d2 On importing the module, the code exfiltrates text files, with the focus on configuration files --- Category: MALICIOUS - The campaign has clearly malicious...

Malicious code in ai-cypher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...

MAL-2025-192683 Malicious code in ai-cypher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...

Malicious code in tableausdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

MAL-2025-191877 Malicious code in spyderlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c8cd8b0bcebda767e6d2f280c42cfd952522e31086aa816be6b3350611874a1 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

MAL-2025-191836 Malicious code in pyrovider (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a346a7f634bedd557ab051ccf33b892a2b6420a97c426a877476b7a66b1acf55 On importing the module, package exfiltrates basic data like username. It's obfuscated with a lot of meaningless text and has no other purpose --- Category:...

Malicious code in myhexsender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 551ca9f26ea50e6190623b0bc30ab6836e3d0746d1982d5c28c1b5e0daf914db Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...