9169 matches found
Malicious code in marinff-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c25b081dd711bcb5076c5fbd0ea034850b8e428fed345d93e60036e0e91c9f66 Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...
MAL-2025-2973 Malicious code in marinff-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c25b081dd711bcb5076c5fbd0ea034850b8e428fed345d93e60036e0e91c9f66 Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...
MAL-2025-3454 Malicious code in piedefender (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f8a30e991bd97073c50a9cdabb10842f2c5ae074c46fcd0aeff5d7917d4b56fa setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...
PYSEC-2025-18
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First publish...
picklescan security vulnerability
picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in versions of picklescan prior to 0.0.21, which stems from not treating pip as an insecure global variable, which could lead to a malicious model introducing a malicious PyPI...
MAL-2025-2969 Malicious code in kgmicolors (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0d93708c54253e6772832d4aa1ef7f59e5f4f4c159d5ffaaa4045d8267b15b30 Package contains hidden code that downloads a next-stage script, which finally downloads and starts malware from the XWORM family as well as an infostealer ---...
Malicious code in serverkeeper-verifier (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec235d314e175928f82504dade8d7f8313bc88707038976e5be6d78709b869 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in tcloud-python-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 221affa8a84428ae21f288ce299d114742d269e7bbcbf223a0aa666327fae2c4 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in acloud-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4900ca27e14ecb6f022a740bd420fa046084355344379dd21a2b59c53d1c95f1 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in time-service-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92ae5fc73fd7cc45d02ba02f6c3b667d155f681ba74262d66421edee5f19d237 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in credential-python-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c6598ac9c321af3b0526ddceb5ffc6e78d593e0c3e6bdd259b06c0792705cc6 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in timekeeper-verifier (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3a20fe9fed2445d097ddfd628d59e1b8149913aec4915c112cacfa9fb7cdfc6e This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
MAL-2025-2929 Malicious code in acloud-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4900ca27e14ecb6f022a740bd420fa046084355344379dd21a2b59c53d1c95f1 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
Malicious code in transaction-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 49ab525dda997f7abc07f4ef30a62443e40a0f01e218b74d6db9b378fe51f2a4 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...
Malicious code in coingenerator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78810d9638861bd92d3f96d7e29a552a41eb97b69b8deba84892cc7f458fb8c0 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...
Malicious code in coinanalysis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 786d19aeeea93da949996b447b05122b0750075cb98b943dcb27c0ea622521ea Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...
Malicious code in coinanalyze (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f7faa2aef0e6f2b325d841b405418465db3f0dd601519861d70df45bb4d7adb5 Package contains obfuscated code that exfiltrates basic data and awaits commands from the remote server to execute them. This is a malicious copy of...
MAL-2025-3000 Malicious code in solders-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eff6c26674dd4f0408742c46785656c3a5d19ca0a87366a60534d37d5a54e687 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...
Malicious code in singtok (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce Importing the module starts obfuscated code that downloads a well-recognized malware. In further variations, the code that downloads and starts the maliciou...