311873 matches found
MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in llvm-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aaaa9db3b2677afec4eb708297d457bc71941d74c73e2276e2a2fa81835f8bc3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mlir-aie (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in sl-pgp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in kinto-slack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0e0434bc9a31ed977738596bc7326ddbc16d225b80d4e219865cb6ec39ff2d78 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5815 Malicious code in kinto-slack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0e0434bc9a31ed977738596bc7326ddbc16d225b80d4e219865cb6ec39ff2d78 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5819 Malicious code in mozautomation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 26d0e7dfb965969f23786d4bde7d70e597b83df522434aea471171d48442cd12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in scriptworker-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8cdfb6bd0db2d192ccd67b0ebb8023dee7343620b9a48c95cc58b5e1ee536f0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5821 Malicious code in pyptllm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fa41ae2f65e7cb8e2acbf3c242271656f489b615a11473d00b48dd83e69633f4 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5799 Malicious code in boardflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9d5c1524281430272215f48a90b957cf08f76dcb9954cb73945421dff358eb2 package.json declares preinstall: node install.js, which fires automatically on npm install. install.js is heavily obfuscated obfuscator.io...
Malicious code in mddriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a5b264d05ffaf76e8be2d7a46cb2277211a045fa15e8c510ab60cdd5c5bae56 On require'mddriver', an IIFE in index.js invokes loadTokenData, which fetches https://www.jsonkeeper.com/b/C4H0M stored base64-encoded as...
MAL-2026-5797 Malicious code in neurodrift (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1b632fa784b6125daaba0e4a2b9e775bc4fec21c7d41127b887f9dfe6e873ce0 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in neurodrift (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1b632fa784b6125daaba0e4a2b9e775bc4fec21c7d41127b887f9dfe6e873ce0 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in llmfree (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e779d2361b98c48a801fb29dedf2931f94b4264314d074895e14482ad0d5a15f During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5777 Malicious code in field-plus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...
MAL-2026-5785 Malicious code in ve-hemi-rewards (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...
Malicious code in ckanext-dms (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-5774 Malicious code in um4r719-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53f1c2a49e2308c20e21386b89c058c6acba9105dc484912cb141d7e8a1881b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in llamagenerator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e72d70dd6ee72468c56f2a334414bd1fa8f5ad1e70fea0d89c08f7d1c8ca557 The package's setup.py fetches the raw contents of https://pastebin.com/raw/yBcUM1QB during pip install, takes the first line, and passes it directly...
MAL-2026-5770 Malicious code in llmgenerator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e55ac2d3368516d538c8efaad2b83814dbb61813f36ab5655f77677ca0d6be On pip install, setup.py performs an HTTP GET to https://pastebin.com/raw/yBcUM1QB, takes the first line of the response body, and passes it to...