9169 matches found
MAL-2024-11709 Malicious code in sol-regex-gener (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 863af188c3f151e9ad44d0ed55e0a5faa7120032979ffcdbc822b6dd488dfc12 Inside the library there is a part running code hidden in the attached image, which then exfiltrates user-provided data, downloads and installs next stage code,...
Malicious code in ua-agent-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7294a5078d47d2797cf31931252b823374b648a48534bc14b59cd73195cfe2f1 Inside the library there is a part running code hidden in the attached image, which then exfiltrates user-provided data, downloads and installs next stage code,...
MAL-2024-11734 Malicious code in ua-agent-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7294a5078d47d2797cf31931252b823374b648a48534bc14b59cd73195cfe2f1 Inside the library there is a part running code hidden in the attached image, which then exfiltrates user-provided data, downloads and installs next stage code,...
Malicious code in upllib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6207428c93f872f851e291726fc7a7384f9226b903c01a5a3f1545f82d66bf0b When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...
Malicious code in dlibex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 334235bba91ccf5f6b15b680b7e549e46b7de4a3007d30337b3e72a5124048b6 When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...
MAL-2024-11579 Malicious code in dlibex (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 334235bba91ccf5f6b15b680b7e549e46b7de4a3007d30337b3e72a5124048b6 When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...
MAL-2024-11686 Malicious code in pyutiltool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33b1b5a9f2482626b8ff1dc21fbf8da61082231e20f1b87060ab133957ce634f When importing the module and a specific file exists in the current directory, obfuscated code downloads and starts the next stage of obfuscated code cstealer...
Malicious code in vizplotlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 198e2d1a1b349ccb49cf0b7f0e25594a096a2bead4a732926c5862cf0764b012 Running the module triggers obfuscated code that downloads a DLL containing a reverse shell and injects it into a benign process. --- Category: MALICIOUS - The...
Malicious code in alfooou (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bb42c1e46cc4a000429770c7e316646bab8170a9f1191e3f196a4f05a65605f Running the module triggers obfuscated code that downloads a DLL containing a reverse shell and injects it into a benign process. --- Category: MALICIOUS - The...
MAL-2024-11745 Malicious code in vizplotlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 198e2d1a1b349ccb49cf0b7f0e25594a096a2bead4a732926c5862cf0764b012 Running the module triggers obfuscated code that downloads a DLL containing a reverse shell and injects it into a benign process. --- Category: MALICIOUS - The...
Malicious code in spider-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aaeb144e288d0288f6013d64f0e9e57164e5c3eded3924fd2282577b59c28f1a Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
Malicious code in spiderxr-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c97841e41e7389c0df8b2d96f2a9b1c033f443358bf780c5988bf352f07608f Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
MAL-2024-11713 Malicious code in spiderxr-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c97841e41e7389c0df8b2d96f2a9b1c033f443358bf780c5988bf352f07608f Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust...
Malicious code in website-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bab4a414e51f614858ff935138ccb2632b0ba1801566c398a699e692715ccaae The obfuscated code in setup.py on installation collects information about the system (all possible about hardware, available resources, IP, names, etc.) and sen...
Malicious code in pyprettifier (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 52228ec641ddc958a8048619d93a51b762697ab133afc13ec13c01d24b120467 The pyprettifier library has a feature to send out the user home path through the logger. It's attached to the init of EmojiConverter class. Other related...
Malicious code in cryptograohy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 67095679f8af3205e005b17a996da2ba17789715d7c66e4fcf31d8c387b85c00 The pyprettifier library has a feature to send out the user home path through the logger. It's attached to the init of EmojiConverter class. Other related...
Malicious code in bibit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e944b3bd6b920bf1cfd786ed25cc65b504bd5701203981a460a9c162a0fc282d When running the module, this package attempts - depending on the version - to exfiltrate user files, a screenshot, or crypto wallets data 8.1.4. Later continu...
MAL-2024-11536 Malicious code in bitforger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9dff60a2be2c253f919aae6a6724cd140df2a3ca9bdcca9e637ea74bc987ac0f When running the module, this package attempts - depending on the version - to exfiltrate user files, a screenshot, or crypto wallets data 8.1.4. Later continu...
Malicious code in saywh222 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 776c407a0a9a3c3b242d222e9b22ada03db555fd91538182fdc5d059b1ddcae7 The OpenSSF Package Analysis project identified 'saywh222' @ 0.0.1 pypi as malicious. It is considered malicious because: - The package...