15 matches found
MAL-2026-3139 Malicious code in robase-start (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 827cc431e55560fd4944d6b7fa6c47e6adb5027a75fe949642630843b0c8702e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-quick-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2448 Malicious code in supervisors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f99997c1443b3be7bee7a7d490d05077e1d1c48bdd801f7357881ab1a73ca0 The setup.py contains malicious code that skips execution if the system uses the Russian language. Otherwise, it downloads the URL of the next stage payload from...
Malicious code in roboats-addition (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f9c3e8c3efcca9a56765d765638b1f7a25769a8a94693c4f391804337be55fcf During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in fastapis-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...
CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
MAL-2024-12309 Malicious code in my-service-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 58c8e4c726cef11c6d7d60916210f532060a6ff7a98bb7fea5872eb10335dd5d While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing and keylogger. Th...
MAL-2024-12267 Malicious code in example-pypi-package-loler1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bb19218b6d780973bde55d613a16a9a637728a4d01e79d570bb3406633f0f639 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in selfvirtualcontrolultra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 255eb2423526bb6491e4902041d0a38fb5d27f4f715fb4dd5e6d197dec08d52f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfstringrandomcontrol (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8447087f25780859a739230af70f1bddc3796bd3642149a7fc2d89bb6701a303 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfultrapyw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8daba9555fdb54c7b7fded3af4f5aa7590d69ed764c4f078885083e2cdc084e8 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfosintgame (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0d184479a795fd63518ad3a2a1f8f5753c90d71332aebfdc1d220eaf84c3824f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in visacraft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1e617d2eef18ffb90edf647fa39ef7fd338d584d7087126098d1c3b39faea195 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...