MAL-2026-4183 Malicious code in openclaw-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b89b6a94f589218276e6dabe5accf4a6d6a9b22cd7412cce0a58069bccd76bbb The package is intended to create a backdoor and steal sensitive data, but the analyzed code did not finally exfiltrate the content of sensitive files. ---...

MAL-2026-3698 Malicious code in trickery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...

Malicious code in pwn-control (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 719b4c85917a0a8bc84e7591598b0d17098dd32c8f29b5c09eb25fe1d3e079c3 During installation, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The...

MAL-2026-3248 Malicious code in pwn-control (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 719b4c85917a0a8bc84e7591598b0d17098dd32c8f29b5c09eb25fe1d3e079c3 During installation, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The...

MAL-2026-3245 Malicious code in system-update-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

MAL-2026-2819 Malicious code in pynosist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef7a4db1443361fe93b268c7ad8f38c5c290d5334162b57c2b534c97acbc2b5d The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

MAL-2026-2818 Malicious code in genosys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

Malicious code in grokwrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2 During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry...

MAL-2026-55 Malicious code in lium-io-gztensor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f87521be2fb53979b969dc362d41bfcf6c9f860f8d6517a76889a81dedc06a1 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

Malicious code in async-substrate-interface-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f97af1701ef4cd3f9c0a8bf1f8245a4291ac3b704b9149972b27a6dd9966428 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

MAL-2026-53 Malicious code in gztensor-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6010189e23e54782200df770b6e40ed7e37284779c25f28cd145aadd9ee8b623 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

Malicious code in pulsecord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 025d4e33a2037fb9ad36cb4b08b122e4439bb4932b73ac6c6f403609e7e1c09e This package is prepared for silent execution of a malicious executable, with disabling AV protection. While there is no link to the malicious binary inside, t...

MAL-2025-191798 Malicious code in multithreadedexecution (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3248950b032e1381ddc79d43dfdba8fb6dccce4b1afafd5825e560d793b3bd09 Once run, package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in discord-selfsbotsx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b56aa48c0654abd06a9d624b8c1b5ab4ce170399068d97b994bb4d63635bf18a Once run, package downloads and installs an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...