10296 matches found
MAL-2025-6487 Malicious code in crto0 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bdcf6d997fa4676ca2da647171f21e944f9b7d0f34010e6ea8da42364a2d03d Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...
MAL-2025-5847 Malicious code in vtk-osmesa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 910e787804512eabe1c118f5347fed9f57ca936717e18a80d26622108d75399e During the installation, sensitive information are exfiltrated incl. env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-193014 Malicious code in cas-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 69eb341218878aebdec66eb5a44391314921fe3c7fb387021d0684bbb91913b3 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
MAL-2025-6492 Malicious code in dbnodeindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0ca31ed82ece767a66ae60f44cfb3e36aa54f84e952217e36376f6519ac1f777 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6522 Malicious code in httppack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d66d0c3948eb48c93a56872d2a149edfcc65ae57178e7d7a51405ef755880939 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in package-346234294 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2025-5837 Malicious code in test-package-avinav (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db665678ac908b6f9aa76ef069759ebd70b62c901a6f840b765ba7cac299c423 During installation, a heavily obfuscated code is executed. Exact behaviour unclear --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-6513 Malicious code in gramapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c3452393093f1f74c19a9049b50fb9c96e9b31ef8235cf0597eb656e6feb8ea The code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
MAL-2025-6569 Malicious code in puregram (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bd190edcbb3734a8578c4e0c5dbd9655bc59613d53e67bfd04b3604cf1aa328 The code is automatically starting, calling a Telegram channel with basic info, and waits for remote code to execute --- Category: MALICIOUS - The campaign has...
MAL-2025-6610 Malicious code in tronpyapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3937a7f13d0db04c75985a870ed1eec73aaaff23ce5c45d9fcb64a239576cfc7 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MAL-2025-6491 Malicious code in dbindicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7728e8fd1f3038b080b037908fea583383e6418d0aeb819e4b41b2b812b0b9d4 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6558 Malicious code in node-db-indicator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7c9a18fe9ea04133e7de33313046092ffb5e8ccef6c1bf5f44e9b6d5e3835aa2 Code download and executes a remote script. At the time of analysis, the remote code just runs a notepad - as so classified as a pentest/research. --- Category...
MAL-2025-6621 Malicious code in web3toolkit-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bdfcb6d5feffbd89fd13ed27d03b0bf7c14970f09ceeb202f8b36703fec6e907 Code monitors the clipboard and when detects a cryptocurrency wallet, attempts to overwrite it with the own address. --- Category: MALICIOUS - The campaign has...
MAL-2025-6488 Malicious code in cryptob (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0ee1f01fb1d9fe3ac1d88bec06c858d0c3e33f2531e7ca1afb30177f0b85e84 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
MAL-2025-6489 Malicious code in cryptoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f63e4b5c515be094f240f956e15464da0258bdd6948006f25419be60138b4764 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
MAL-2025-6604 Malicious code in tq95 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 abb1e0b01bcc48bdbb798a617be723bf433722a7bede307de21214a92d569949 Importing the module starts an infostealer exfiltrating browser data, passwords, crypto wallets and implants a Discord stealer. --- Category: MALICIOUS - The...
MAL-2025-6478 Malicious code in cloudscrapersafe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2420d6a750823b640af4d97d3a2a26383ce9e32d3ac266e4792675e8beb9b806 During processing the user requests, the package looks for URLs related to checkouts using services: - credomatic.compassmerchantsolutions.com -...
MAL-2025-191764 Malicious code in imad213tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2cddffd96538ab03979aa6404e3c946258e49677220c4820f3a8f0972b31cb17 Encrypted code offering massive sending Instagram followers. 1 besides of using some shady services to achieve the goal, it also exfiltrates saved Instagram...
MAL-2025-6564 Malicious code in pipmodule823 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57b078ffca6f219848df2289282933442be06a2932d0d163ede59fe4a533faca If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...
MAL-2025-6565 Malicious code in pipmodule83 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95b01ea01a7fd1ff5e52491e6b143aa98f45a6f331814222fe38e76ad3ac0863 If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...