10286 matches found
MAL-2025-3430 Malicious code in bbllaacckkwwoollff (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2507dd4c5b3b3c1fae3213243ff0a27b71955dfbb39069f677660e025ac08f0d During installation, the code either exfiltrates some information about the system or downloads and executes remote code --- Category: MALICIOUS - The campaign ha...
MAL-2025-3431 Malicious code in bbllaacckkwwoollff-6ad8f762-1a91-45d7-a9c5-356bd858356a (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4da60ab5fd2248194d9c485e99360f30cd77d89de065b6f30259328cfcadd2f2 During installation, the code either exfiltrates some information about the system or downloads and executes remote code --- Category: MALICIOUS - The campaign ha...
MAL-2025-3484 Malicious code in yolov8mini (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a9222d20b84ed716d5bdf81f1da1d0f088fc7482894c8f25a5d1f757cc477ba9 On importing the module, there is an automated start of a Telegram bot capable of exfiltrating passwords from browsers, executing arbitrary commands and so on...
MAL-2025-3440 Malicious code in codeoptimizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7ae236bbeace8d7b056d4827059bc1f4b6314e57e75827ce5a980ac9dfb991c2 On importing the module, there is an automated start of a Telegram bot capable of exfiltrating passwords from browsers, executing arbitrary commands and so on...
MAL-2025-2592 Malicious code in blackspammerbd-tg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 899ac6c3d1b62da3553aab693790598d0e87f6530b57d335deaee2545a39eb9c This package seems to be part of a larger malicious toolkit designed for unauthorized access to systems, data theft, and potentially acting as a...
MAL-2025-3460 Malicious code in python-socket-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 93a8d30e631680bace9b05db1ac189cbcc472895fcfb1db40f4df52f301a6599 Importing the package starts a script that takes commands from a remote server and executes them locally --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2025-3429 Malicious code in asynchttpx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b8f233eae76de4578a7b30c6564338d644a7dfa1f59682337792de5ad13668f Importing the module starts downloading and executing first a script, and then a widely identified malware. Packages are used as dependencies in a GitHub projec...
MAL-2025-3448 Malicious code in httpx-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d26dbf9fa1035b8b1e189f67123ee22f506cd21c08e17c282176a716af9da033 Importing the module starts downloading and executing first a script, and then a widely identified malware. Packages are used as dependencies in a GitHub projec...
MAL-2025-3483 Malicious code in xcepthttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 98504a58d8dccbb3ea09cc521e14c9a64707763302db04111ad32eeba8616925 Importing the module starts downloading and executing first a script, and then a widely identified malware. Packages are used as dependencies in a GitHub projec...
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time"-related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...
MAL-2025-191906 Malicious code in tonetext (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c46725ad6c88079cce4f7fa4a29175fec7f78ea83344da99d0f02ac4f020fcf3 When imported, the code embedded into the exception class downloads a remote file, and runs it by importing, and attempts to cover tracks by overwriting itself...
MAL-2025-3439 Malicious code in ccxt-mexc-futures (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2eb5eb75679b536c430ad6d5440e63fbe1d1cd391ab1abf2a411dae3a768ed8 There is hidden code that overwrites the default method and downloads remote data, which contains the dictionary pretending to be the right value, and a hidd...
MAL-2025-3008 Malicious code in tlsclient3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 612e1a598a61304a9ae3550acb835ef5962f596bb74e857c2a035ba090e57dc4 Obfuscated code starts a multi-stage infection --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...
MAL-2025-2957 Malicious code in enquiry-exam (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 590114fe4174abb1ff72c06bf128aef53bd76a67eaeca5d5e891be001f6b0c17 Package contains a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-certifications...
MAL-2025-2152 Malicious code in certifications (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7d51c9defecdd382c5048eb6f92b32558355b8457b2b5cd63f3d86e12e8ed35b Package contains a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-certifications...
MAL-2025-2993 Malicious code in pythonhttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ed5759c2260c5467724f053f3d59eac62f5491fc2d03350fef0a6f832652e3b Installing the package starts a heavily obfuscated PowerShell script that attempts to at least overwrite copied crypto wallets --- Category: MALICIOUS - The...
GHSA-VR75-HJH9-7FR6 Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description: picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...
MAL-2025-2013 Malicious code in xuiniadb (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-2007 Malicious code in useragents (PyPI)
--- -= Per source details. Do not edit below this line.=-...