9169 matches found
MAL-2025-41788 Malicious code in trongridapi (PyPI)
Source: kam193 b7421d70bdd0603758337ea36f6465ea98a4df7bd4c383661b11552866d0d411 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in discordsync (PyPI)
Source: kam193 0da96b494aac7775c3c7672d4d77137cbeb6be21294b7c332a21d0bf978d364e Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
MAL-2025-41781 Malicious code in thisisthedaventestz (PyPI)
Source: kam193 d5f510bfda1aeb6999f77b06597e760e13d4058dab2a7f8620bf8c561db5d39c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in zhopaorlaaato (PyPI)
Source: kam193 45a24b1a49c10f50578e74364357b8de8d31ee62b997c0db957bc0474c841fd7 Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
MAL-2025-41802 Malicious code in zhopaorlaaato (PyPI)
Source: kam193 45a24b1a49c10f50578e74364357b8de8d31ee62b997c0db957bc0474c841fd7 Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
Malicious code in thisisthedaventest (PyPI)
Source: kam193 c7f6701b95670bcfd620d23e4cc410957fb3cf0cc783ef0ab6d9f3ebe596ac8b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in totallysafe (PyPI)
Source: kam193 772cdbb82e78ad30e8f4cb0bcdd45aaf61884da051a9998fd1c1431335d0eaf7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-41785 Malicious code in totallysafe (PyPI)
Source: kam193 772cdbb82e78ad30e8f4cb0bcdd45aaf61884da051a9998fd1c1431335d0eaf7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dsodelib (PyPI)
Source: kam193 b3646fafa7dac849bdfcdc6c760d037132c5231f61a87721b2a433992a3d3639 Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
MAL-2025-41667 Malicious code in dsodelib (PyPI)
Source: kam193 b3646fafa7dac849bdfcdc6c760d037132c5231f61a87721b2a433992a3d3639 Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
Malicious code in dziplib (PyPI)
Source: kam193 4330efb5db5e6d840d35a3da3ca6f6ad39fadff7e37e78745b9e092d365a7ded Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
MAL-2025-41668 Malicious code in dziplib (PyPI)
Source: kam193 4330efb5db5e6d840d35a3da3ca6f6ad39fadff7e37e78745b9e092d365a7ded Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
MAL-2025-41666 Malicious code in dsidelib (PyPI)
Source: kam193 5bd949196aad0e516b6c21fb6c9fc50ac76f93ca87d94490d53e3b367401df7b Package runs an infostealer targeting Telegram and Discord credentials. Depending on version, the infostealer is either downloaded from a URL or embedded i...
Malicious code in supersafepackage (PyPI)
Source: kam193 3b979e1e2520c4f9d07507acc8182830203309adcb9932103a475d3e23e0de3f Generic campaign for all likely research / pentests, where the amount or kind of collected data raises questions about the privacy, security and ethical side. -...
MAL-2025-41770 Malicious code in supersafepackage (PyPI)
Source: kam193 3b979e1e2520c4f9d07507acc8182830203309adcb9932103a475d3e23e0de3f Generic campaign for all likely research / pentests, where the amount or kind of collected data raises questions about the privacy, security and ethical side. -...
Malicious code in tsesyx (PyPI)
Source: kam193 7c8ea2b8c69693d4bd40c7c4b952878565e3bfaa6eb0ea02ab6ef9ca18eadea8 When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...
MAL-2025-41790 Malicious code in tsesyx (PyPI)
Source: kam193 7c8ea2b8c69693d4bd40c7c4b952878565e3bfaa6eb0ea02ab6ef9ca18eadea8 When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...
MAL-2025-191928 Malicious code in web3dummycti (PyPI)
Source: kam193 9a702a53b1f08d4ee8e06e9dc19f6c942ee7bd755274f898a2ff737796557316 If the method from the module is called, it attempts to download malicious code identified as an msf payload and save it locally. In the analysed version, the...
MAL-2025-191855 Malicious code in req-pre-automate (PyPI)
Source: kam193 6ce39a0e7a45f8d70e0e7e0d0e597b5029dcfcdd422ec0fec324921c5021a9ca If run, the package exfiltrates AWS credentials. Though it's described as a test, the exfiltration really happens --- Category: MALICIOUS - The campaign has...
Malicious code in prof-tg-dooorto-qu (PyPI)
Source: kam193 b4b5d4d87a39a286c8665b40b510ac0016d0b71fcc83fde246dd1bca7402af09 Package silently exfiltrates the user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...