MAL-2026-1144 Malicious code in roku-aihub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19b48d460fde1b6b9802a2f2b7d93928f89b0474235adc54553971ed4575e5df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-904 Malicious code in strands-agents-anthropic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86e2f5ba17218d5e9377627cc2c437009cc3dc7c6615c87b8317995614288c6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-851 Malicious code in python-files-mod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...

Malicious code in statssol (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 578ffe3c11af717c95f71893133a46e8e418742109d414583b3ccc5044fa3a99 On importing the module, a remote code is executed. At the moment of analysis, the remote URL did not return any valid script, presumably as the package was...

Malicious code in tablescene (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75f24eaea6c977e93d35c431f9bedc66b7757fd5c5635425c28801dad3b50de9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in cicd-ppe-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f1bfe5b5514b9b3a1ffad43be1f06d22faf12f031d325a9e689340c2ab16a0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-604 Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192992 Malicious code in umap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...

MAL-2025-191840 Malicious code in python-doenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79b018c186e337070650421bdaa82bd65d50d3cd29ebd457349059e7bb5ddc46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191813 Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in klsosdoids5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9463b9f77f9d64f5acb9c6a75b2969333be89d6d850af7e75628532ff23e0641 Package simulates calling home on import and there has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...

Malicious code in mulaptested-pakname (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fe9ba6c7da3568c9fc879641c190c301a2bd8a349b38a44295eb2924139c78b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bh-usa-req-ase (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c83e1a14cfb125b4cfcb3e1ca52afd31fb170b78ade2aa3fd31cc846b8ac7da If run, the package exfiltrates AWS credentials. Though it's described as test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...

MAL-2025-191910 Malicious code in treeherder-submitter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62f372bfa72908a63c289d80e0133c9e6a34732dc8e051ba7be3be89ecc01383 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no...

Malicious code in tcloud-python-sdks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191903 Malicious code in time-server-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191887 Malicious code in tcloud-python-sdks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

MAL-2025-191738 Malicious code in getpublicip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 041ba7130d1460fe6480d062c61c78db3b88cc5c6d060913d0501fdbdc7c35b0 If installed using source package, the package collects selected environment variables, including GITHUBTOKEN if set, and sends to an external service. The...