171 matches found
Malicious code in pyregions-snowflake (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in dmclc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in modelconftranslator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in license-utils-kit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb0116c55754c947c819c966f213a99864511536a414619cf3154b89be59f9e8 Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...
MAL-2026-2000 Malicious code in cfgmgr-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3f72f18351a20c172ef8154055917c9e977fe782b32a4716faed582d67f3071 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...
MAL-2026-1483 Malicious code in @jaime9008/math-service (npm)
Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...
Malicious code in @jaime9008/math-service (npm)
Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...
Malicious code in react-refresh-update (npm)
Package contains highly obfuscated code with dynamic execution using eval, a strong indicator of malicious intent. YARA rule matches confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463 The...
MAL-2026-1485 Malicious code in react-refresh-update (npm)
Package contains highly obfuscated code with dynamic execution using eval, a strong indicator of malicious intent. YARA rule matches confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68cf0c0bd6ed2a8c07bc175b5c0cc7f86a49133e67dd5d8f68f37309c5f1a463 The...
Malicious code in dgl-cu117 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...
Malicious code in fastapi-middleware-cors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...
MAL-2026-1422 Malicious code in fastapi-middleware-cors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...
Malicious code in nfd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 09861068d4a40cdebd80dae1ae4db85b45498bdb1f7f039cf44b33f41e68534f Facebook automation/hacking tool, with a part of its code obfuscated. Given that other packages from this uploader exfiltrate user's credentials, this is likel...
MAL-2026-1411 Malicious code in nfd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 09861068d4a40cdebd80dae1ae4db85b45498bdb1f7f039cf44b33f41e68534f Facebook automation/hacking tool, with a part of its code obfuscated. Given that other packages from this uploader exfiltrate user's credentials, this is likel...
MAL-2026-1224 Malicious code in spark-ml-utilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3c1db0bd2243007553e09eff3018d49b00dbdf3a5183d364225d32f80f7b773f During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1019 Malicious code in spark-audit-notify (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c527925d1e7cb4055b6c154326cd54a713ad543349c2b3b6f8ab8f0d75e8cbe During installation, host identification details including AD domain are exfiltrated through a series of functions obfuscating this behavior. --- Category:...
Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-851 Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...