MAL-2025-4252 Malicious code in veriftest1asdlaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 84fe70a8f5e34c8334d7284bcc9b71826210f029708a53a6ec4b9bb90a33054b During installation, the package attempts to exfiltrate cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2025-4224 Malicious code in meowsapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f59e6347816a732ab5ddebfd141e113bb5cca799fa8b8466f194dbff1a1e428b Importing the module starts delayed downloading and starting a remote executable identified as BlankGrabber infostealer. --- Category: MALICIOUS - The campaign...

MAL-2025-6609 Malicious code in tronlid (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 387ea56c726485890b55cce5a96c6381e248be3c8eba22c22ead08e4b30db3b1 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-5140 Malicious code in trongridlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 810f3d44ffd0654acef07cf5bc57e4c1c8daa207332751a60c14f29f64832560 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-6605 Malicious code in tronapinet (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ebb37f42f335b4a5f11e5e9bdb43390d3ba72478ee5c0ffa12c39f0e5226dd3b Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-5141 Malicious code in wallettronpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6232d6f8e03368abc5a38f906502206757571193ce7daf078c26f2e0cd159882 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-4246 Malicious code in tronlibpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3830f2a3daeaf5ef1da928f6700860805f4fb3b0f955ab814f4742b334ca7868 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-6606 Malicious code in tronapipy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f708be2fc70e3c2c9dc79ee1706944cb73f9604b496c4171a5971f5c6e0091fe Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-6619 Malicious code in wallettron (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 daa2901c8248d9a4e63be69c1595134618d563065c67a466b006d53bd92d5ce5 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-4245 Malicious code in tronlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b299597be11bab32fd63419a38161e9f3d21a6ab3ee73d1f8cb6b00e397625f Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-4227 Malicious code in ora3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d9ff95457d63990b263b77b0f3468dcd63e0d1837c81843b2d4249706db48c7 Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-5142 Malicious code in web3evm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c2f7724a72031eda7b5c33755802a67784979e2a9459d83698b0637be68630b Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4269 Malicious code in web3author (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5eac126109d648cac7a74217f0bc4b9e9bd0d07dc400924bf346f90b4b7ad9d Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4272 Malicious code in web3yrpcs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 171ec4f4bbfb34688348ecdda292249487574c8fb28caf8467c0bbafb1563cb7 Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4259 Malicious code in walletrpcs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b93b9b49f17c924bbca7ba78750257a7be53f8d48ad200a16dc5eb4e369a734 Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4270 Malicious code in web3automation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 09a3fb2947bb8eaaf1e65033e8ccee659633669d5de0c0456b4c2e1680317dfb Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4205 Malicious code in alchemyrpcs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3de5cb8ee8e308aa3b7dbfcb71e5c3d5becf9c41b1bdfee75a00b4a29c3663a Package contains just a function to send out data. It or a package sharing the same IoCs is used in a malicious GitHub project to exfiltrate crypto currency...

MAL-2025-4206 Malicious code in ark-vmp-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28ac22df743a6a65eed4d1d25f66c0f3eb42c5235dc749a84162883d313bd415 During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...

MAL-2025-4207 Malicious code in byted-torch-monitor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c2b83888c7fcb79b930eaecb1a538d27a131ab415c0b756f84c7071d5a0935b During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...

MAL-2025-4208 Malicious code in bytedmemfdd345 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 19705d4db8178a4b1dd1282ded6d73256dc10b22125280c241524ec3e9e274af During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...