MAL-2025-191792 Malicious code in minizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33ba100525dffc7a828e4b7384f862ff22dfb55d2e7d61a34c0d31ecdff64c10 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

MAL-2025-191805 Malicious code in nspacercesolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a8c6f18d1f22d3d0f0b9902a176d91fdfe33270faea47c835a0078955b85914 During installation, the package looks for a flag file and exfiltrates it. Similar content is in the main file. There is no other purpose of the package ---...

MAL-2025-191897 Malicious code in tgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e254217ac113edcc1914bdfcda06509137ceed6a7441b3c846653d769335bcaa Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...

MAL-2025-191686 Malicious code in aws-enumerateiam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c108190780b32337fdce8748948935ac4229f0236710653f363b80a95dfbcd17 Before creating the boto3 client, package exfiltrates user's credentials. In this version, the exfiltrating is masked as connecting to an AWS component. The UR...

Malicious code in perfviewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea912a2de677fa6d9ea6dbf9a792dace4d927efd46a5cb615ba8548fec4930e8 During installation, code downloads and starts an executable and a DLL library. After starting them, files are removed from the disk. The executable has been...

Malicious code in hexadecpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e553647ff67ec6e0339b5de8038f9522494a1200e0437156eee7674d5a29ef21 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-191791 Malicious code in minemeld-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe7b8c00b3748b3fe38ffdf3bd69558abb58091ee3347d47003929976ceb457 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in hexadec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9d0ae8ccf24a6f5bfc3a0d5e39a983576d6edb2c64d9fe31fcb758236a4aa25 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

MAL-2025-191835 Malicious code in pylibcugraph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b298ab8786b687f39d3ce25f6a69effd415c27b384fa23bc45c5fdf640448105 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in quicksort-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb Importing the module downloads and executes an executable with malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Malicious code in morosint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2118ab70535d0272c108e5a454745ae83d10cd3421d5989984ab961b348367b5 Importing the module starts exfiltrating Discord tokens --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-191713 Malicious code in db-aggregator-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aed54ed734902c1a5749b7861e2ad95cc2d8c71c78fa4b0167499f9a1b296f9f Importing the module downloads and starts an infostealer. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2025-191929 Malicious code in wei516-enconly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e40931688b41ac8340ab8f27604ba32f1ea6e364df1e614343cbc4cf0df50e8 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

MAL-2025-191925 Malicious code in wayspiritmcp-ppa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efa23f0b46a88dcde4aa71c67cba31f46d0f8a9eef555daa0cbe4f2bd54d7a38 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

Malicious code in faker-py123123thon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fab9d41bcbc9a1625b625705433588c2bc1d08ca71e57783cc29b74bc76ddeba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191625 Malicious code in faker-py123123thon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fab9d41bcbc9a1625b625705433588c2bc1d08ca71e57783cc29b74bc76ddeba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2025-37448

Malicious code in python-requirements-inspector PyPI...

MAL-2025-49320 Malicious code in python-requirements-inspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8f26b5cd7ab7cb6a847edc1afec2dc496ac0f0bd3f592f2a98391365298c4fc6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2025-37449

Malicious code in faker-python PyPI...

MAL-2025-191643 Malicious code in krisp-audio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1940a2f9c0907fd633cc07fcc96fad89f2e4c55cbd38d5fe8df09d1c4048c906 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...