175 matches found
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1019 Malicious code in spark-audit-notify (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c527925d1e7cb4055b6c154326cd54a713ad543349c2b3b6f8ab8f0d75e8cbe During installation, host identification details including AD domain are exfiltrated through a series of functions obfuscating this behavior. --- Category:...
Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-851 Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
Malicious code in requests-core-plugin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2 During installation, package loads obfuscated code that then downloads and starts an executable. The final executable is identified as malware and appears to...
MAL-2026-812 Malicious code in hardixx-code (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...
Malicious code in hardixx-code (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...
Malicious code in filespath (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-701 Malicious code in filespath (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 556cf54f0093609b5c80263f0ba00056293592e66eb2a212454692e9cca38a35 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
Malicious code in pathlib-v2-utility (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-697 Malicious code in pathlib-v2-utility (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c8dc8b60e188fb941aeb9f5b6207d2c0fcab27719a142558498bf72d1602d992 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-696 Malicious code in pathfiles (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a96d53709493a07432f8619b9ca322fef0fb4bf9080a02da7e8f6bc03353b3c0 Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
MAL-2026-651 Malicious code in cat-admin-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34286533490c9ad41743b1eea6659d9c4fd3e62d1a830658b90840f3c49a6c8c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
Malicious code in cat-admin-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34286533490c9ad41743b1eea6659d9c4fd3e62d1a830658b90840f3c49a6c8c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
Malicious code in chia-pool-reference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51f7e4eb8c8b82bd7c7514255d0eb51dddc657c4b06845232ad8490a514a139c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
MAL-2026-652 Malicious code in chia-pool-reference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51f7e4eb8c8b82bd7c7514255d0eb51dddc657c4b06845232ad8490a514a139c Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
Malicious code in credit-decision-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
MAL-2026-653 Malicious code in credit-decision-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a0320017dad96c95d4741c311ead566b7d6bea0c7ffdceea82b435ce74a40de Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
Malicious code in zabitog (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 23d4c7f55266f10f23ddf4a743bb4222b920c0e7f4472c1572a51831a3d1f247 Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...
MAL-2026-654 Malicious code in zabitog (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 23d4c7f55266f10f23ddf4a743bb4222b920c0e7f4472c1572a51831a3d1f247 Obfuscated code is used to hide exfiltration of basic data hostname, etc.. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but...