MAL-2026-604 Malicious code in securedrop-workstation-dom0-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-192992 Malicious code in umap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...
MAL-2025-191840 Malicious code in python-doenv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 79b018c186e337070650421bdaa82bd65d50d3cd29ebd457349059e7bb5ddc46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in peptest2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191813 Malicious code in peptest2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in klsosdoids5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9463b9f77f9d64f5acb9c6a75b2969333be89d6d850af7e75628532ff23e0641 Package simulates calling home on import and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...
Malicious code in mulaptested-pakname (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fe9ba6c7da3568c9fc879641c190c301a2bd8a349b38a44295eb2924139c78b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bh-usa-req-ase (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da If run, the package exfiltrates AWS credentials. Though it's described as a test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
MAL-2025-191910 Malicious code in treeherder-submitter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62f372bfa72908a63c289d80e0133c9e6a34732dc8e051ba7be3be89ecc01383 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no...
Malicious code in tcloud-python-sdks (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
MAL-2025-191887 Malicious code in tcloud-python-sdks (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
MAL-2025-191903 Malicious code in time-server-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
MAL-2025-191738 Malicious code in getpublicip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 041ba7130d1460fe6480d062c61c78db3b88cc5c6d060913d0501fdbdc7c35b0 If installed using source package, the package collects selected environment variables, including GITHUBTOKEN if set, and sends to an external service. The...
MAL-2024-12372 Malicious code in zip-me (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4ae48b0e5e3d93cee49e83f0bfa47a43f02ede60914545d0d82204c6664fde6f During installation, the package collects quite extensive information about the host and has no other purpose. To avoid detection, the real code is put in a ZI...
Malicious code in driftme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script and also leaves persistence in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years
The malicious Python package "Fabrice" on PyPI mimics the "Fabric" library to steal AWS credentials, affecting thousands. Learn how…...
Malicious code in e3po (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e55b96ff3221ade1d2079281a02ab8f0ca735d44a6a00796a24913813b7f8e6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in controlnot-aux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a99770ef01fb53c863387ed64967ab6ed42be0cf7c901573dcd472db6ae51091 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in byteqs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6ca35190c57f806dbb3337e4639f179f6ece665392e5972341cba92767f2747 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...