164 matches found
MAL-2026-3372 Malicious code in ninja-core-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 65af5eaa02abf860465d0ee9e11d7b10e3e1e36473aec951f8c1ea38ed8a8560 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...
Benchmarking Large Language Models for IoC Recovery under Adversarial Code Obfuscation and Encryption
Software obfuscation and encryption present persistent challenges for program comprehension and security analysis, particularly when adversaries conceal Indicators of Compromise IoCs such as IP addresses within source code. While Large Language Models LLMs have recently demonstrated remarkable...
MAL-2026-3015 Malicious code in lyroxcoder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...
MAL-2026-3002 Malicious code in lyrox (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...
Malicious code in asciitoart (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591 Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious...
Malicious code in kraken-trader (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...
MAL-2026-2498 Malicious code in df-sandbox-test (npm)
Multiple evidences indicate malicious behaviors: data exfiltration, sensitive file access, obfuscated code, and suspicious network connections. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97761ee82976dcee2c3d8438258e8ace733bec2d2c7e1020035e9e390f9fa02f The...
MAL-2026-2233 Malicious code in lightmock (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a3c7924362f935b55a808e1ede8ffea2dbc96326b853dc00d7ede36c002ff63c Clone of a legitimate package. During import, heavily obfuscate code downloads next stages and finally exfiltrates sensitive data, including data from web...
Malicious code in oc-navbar-module-client (npm)
Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...
MAL-2026-2417 Malicious code in oc-navbar-module-client (npm)
Malicious package due to code obfuscation, dynamic code execution, suspicious email, install script, and low project popularity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec0eedd88f7d05d96544d4fc778561471c0490c16f2fe2c6e8c70428af92e6ad The package...
MAL-2026-2124 Malicious code in mgrcfg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb9b6975940ff31a6a0f6361fd93d8d361a3687103c94c011a6fdf510a2fdec The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
Malicious code in apachelicense (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d96d45a87e117e72107d6d6dfbe8c4e94323323bc28ce9accd8ccba39a0a46c Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...
MAL-2026-2119 Malicious code in apachelicense (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9d96d45a87e117e72107d6d6dfbe8c4e94323323bc28ce9accd8ccba39a0a46c Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...
Malicious code in pyregions-snowflake (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in dmclc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in modelconftranslator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in license-utils-kit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb0116c55754c947c819c966f213a99864511536a414619cf3154b89be59f9e8 Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...
MAL-2026-2000 Malicious code in cfgmgr-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3f72f18351a20c172ef8154055917c9e977fe782b32a4716faed582d67f3071 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...
MAL-2026-1483 Malicious code in @jaime9008/math-service (npm)
Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...