MAL-2026-3341 Malicious code in runtime-probe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0253bd4b8dc52c1fc510a9355b9d4178b7e891c7fc0226537a8769dffcef6d89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in protocol-stub-generator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2556 Malicious code in api-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in flyio-token-client-efgh (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b09830263d8a35450ca657294a1725c441f2f7fe49cc7946e261e8f18401464 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

Malicious code in do-not-install-this-package-003 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b7a8f2037bd4c28a5474af17179da0c12e37019623f5efa4d081d60758d4ac9 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...

Malicious code in weorewfoi2393 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 00296490bb9bcec28af256a76790f8c5f96dd45d4184ac6617bbdffad3e674a3 Package tests possible malicious actions during installation by starting notepad. There is no other functionality, it's clearly a test of possible malicious...

Malicious code in aiogram-sever-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded locatiom --- Category: MALICIOUS - The campaign has clearly...

MAL-2025-191760 Malicious code in hooktest1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3e91d71ab21e3575f1354593a314d50bc188b0db7b3851040e522426a765417 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

Malicious code in abhamzufu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ef1806d244274823ed462cd27dc9ec91a4c26d7bc7141bd652ecf05cb40c2dc Package simulates malicious activity during installation and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest package...

MAL-2025-191893 Malicious code in testcatplzignore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3cde630e4fbb39749856eccaa8f1afb813c865152bcf6d2eb0a639f71f2b4cb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in bettercolorstesting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 607fc60886a9983c22c65cd01bb93585f27b0830f203f3b3b181ff12026ea036 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...

MAL-2024-12226 Malicious code in calccc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 66371c79f4cedb638d8d283883415c46a4bf6be25e3699fe5229bc8cd71a2f0a Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...

Malicious code in crunchie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f26d858f791d6d12aab4d70b3f5494c2b675934ba0b13cffa405ecd0686cfa91 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2024-12317 Malicious code in oe-extract-idss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2371553e5caae552a4c2fabb7f8d616fde924ba3f292bbc4073715251602efa8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2024-12328 Malicious code in postgresql-connector-python (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 87f55ac62324b5fc631b711e125f897d8ae10d06a9d80173463d9a5fa1915302 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...