122 matches found
MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...
Malicious code in sl-pgp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bash8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 375ef978992bd3c12f8778e62d2c6f8a105fa3a15cc508db6d8dd6043fd7507c setup.py overrides the install command with a custom InstallWithBeacon class that, on pip install, collects the installer's hostname via...
Malicious code in ecto_module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e66c690abd94ee498cd359eb076451c0f6ea3956d8221616bbf8990d35a38c5 On npm install, the package's preinstall hook node index.js reads /flag.txt falling back to execSync'cat /flag' and transmits the captured contents i...
MAL-2026-5272 Malicious code in goodoltoulas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a84d10e07878c98ffa21b3920940b10ffac4d3cdd66250c046391ea502aaff On pip install goodoltoulas, setup.py unconditionally invokes setuphelper, which downloads an opaque PE binary from an anonymous file-hosting service...
MAL-2026-5177 Malicious code in fia-signals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b61c6fe7ba81fd99de703bc1c00e0a93b2809363abfbf12b79fd9905830f2b54 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in my-test-package-2025-xyz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a2f3ab0a3c7ef9009c99575d9dd051c4a97575435cabf5d3a4c223f53bc47b89 During installation, the package opens a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-4614 Malicious code in moneykit-cardano-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...
MAL-2026-3835 Malicious code in solana-web3-alt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3846bb2c80cb984e05f37cddc24548b73067be9aaca692e401a06f7c323e7b9 In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...
MAL-2026-3834 Malicious code in foundry-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9f62cf5a646cd39640b2be03720a6a2195dc4924813146e9a0d387bafa75c7de In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...
MAL-2026-3746 Malicious code in jatinangor-teleport-testing-zer0id (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3a001b297d2dfcc37259733ff95ded758a3a89d63331422f239359c60edd2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3372 Malicious code in ninja-core-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 65af5eaa02abf860465d0ee9e11d7b10e3e1e36473aec951f8c1ea38ed8a8560 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...
MAL-2026-3237 Malicious code in protocol-stub-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3236 Malicious code in aocl-sparse-v3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10c555ef158bbcd1dd710fca14862d1cad9ad87ed4f4c35bf9c51d0a8a4fcdac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in aocl-sparse-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8e60c160aa7b9d4e10282013603466f6d96ac166bb41e18ef043060b3b04745 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3141 Malicious code in coinmate-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8d1f75669f5e0386a83dad52d569b6711645921989cf520b3b15c59ec26424 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedvod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in robase-fast-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in test-pkg-jie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc409f90d96c576263a60bd95ab30260b973097425292cdd53999e49cb3c4011 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-2962 Malicious code in my-package-jiecub3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1ec43b076f10c0f300bdde6c106bc020894f238b7b2b72e3a3c146d189bdb3a4 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...