10287 matches found
PT-2024-40067 · Pypi · Aiocpa
Name of the Vulnerable Software and Affected Versions: aiocpa versions prior to the removal from PyPI Description: The issue concerns a user-facing library used for generating color gradients of text, which introduced malicious code in version 0.1.13. This malicious code targets Crypto Pay users ...
MAL-2024-10877 Malicious code in newpipv3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 54fac2a807bae6742d82c86f55d97a1b4a810e42ee3b0b9dcb0c981c36ab712d The OpenSSF Package Analysis project identified 'newpipv3' @ 0.1.0 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-11537 Malicious code in blackamerxs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50486a7fa5636706a3c90bf515f6664c6cbb11aa127f9b3e95d7b38cf89c80c8 If run, the code in the package exfiltrates all files from the current directory tree. --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...
MAL-2024-11693 Malicious code in reverse4343 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a90c21a3dc6b4091f1ccd6f17c99b1ec955954d2b78e93029e63c33f12ed3c7d The package contains only a reverse shell started on installation --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11534 Malicious code in backwwi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 23f7db675ae2d9beeb90ac31070aeb2a2ca9902ae348f92b30f828c200cc3441 When importing the module, the obfuscated code downloads and runs a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2024-10573 Malicious code in fabrice (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d1d6b36980b1999e5525b7490b4a430c21cb4f86493a11b76f34ae8c02bfc19c The PyPI package fabrice is a malicious package typosquatting the legitimate package fabric. The package is an info stealer primarily...
Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years
The malicious Python package "Fabrice" on PyPI mimics the "Fabric" library to steal AWS credentials, affecting thousands. Learn how…...
Malicious PyPI Package 'Fabrice' Found Stealing AWS Keys from Thousands of Developers
Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services AWS credentials. The package in question is "fabrice," which typosquats a...
Malicious code in byte-flux-3822a6dd00d6414daba3ae0de3930a5a (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cec00e10a19e19684fc4887fa09aa1025aafc00f1121baacdf55f0c3b2ba9aec A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in byted-flex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f7c46f02d189ba471aba10b985193a2e0476f4f7f9f6e068ddf3fe79c2088ea1 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in shaiduwkv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8d39898d7fd471847c230f1974b0352d089b72938b4dc47cbd918a10a1d8ce8d A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in easydicts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9206e6e8b697ab23f82a17cb169a867896f4f8469351b31cbb31f41bee662cee A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10728 Malicious code in huggingfaces-hub (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 030324e12766820002cc282dbac28f60bb0f2fc82d459e96c82f073a14e75592 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10828 Malicious code in paws-room-acoustics-simulator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 445343e49b96223100e6e2d17e72f3cead8dedeeac8f6250e2b3b66b52c694e4 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-11638 Malicious code in monolit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b004b665ba91ff3119a753e0b37cdce906d100aff101c2f536720bdd74fa027 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10449 Malicious code in e3po (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e55b96ff3221ade1d2079281a02ab8f0ca735d44a6a00796a24913813b7f8e6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10825 Malicious code in lapnet (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 307a1f48007c80dd0a32f9487bc91bd1d12602c53b4942e5826724e659929f44 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10731 Malicious code in sphinx-rtd-themes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1933e78b1c1cac28d6c11543982037a14a670072822edf7efeba506a880e47a6 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-11543 Malicious code in bytebs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 443278bc9421868cfa1431a267241ecb62582b57285a1d5f093d7109e2d12288 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10645 Malicious code in projectp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f40cc91696052e8a21ac505ab295f1e6ca955f84096a8196bea68ed42a34e79c A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...