Malicious code in roboat-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 869ea4b94181bc5ef23562a4d749b462fb7079112cca74072ee9036fb397921f During installation, a malicious executable is downloaded and run. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

Malicious code in roboated (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9f3bba9c27e61fbe6934c9d130ada39dd87f7b7c376fe33609be1ecbaf96e2 During installation, a malicious remote executable is downloaded and run --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-2143 Malicious code in roboated (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c9f3bba9c27e61fbe6934c9d130ada39dd87f7b7c376fe33609be1ecbaf96e2 During installation, a malicious remote executable is downloaded and run --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2026-2140 Malicious code in coreloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5d7c219be7c779fe573e80949a521df2a096e7358be92f99cee6a50dd252e09 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...

PYSEC-2026-2 Two litellm versions published containing credential harvesting malware

After an API Token exposure from an exploited Trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. The malicious code runs during importing any module from the...

Two litellm versions published containing credential harvesting malware

After an API Token exposure from an exploited Trivy dependency,two new releases of litellm were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.The malicious code runs during importing any module from the...

MAL-2026-2401 Malicious code in rocketpill (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in rocketpill (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in flycalc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2399 Malicious code in flycalc (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2201 Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

MAL-2026-2144 Malicious code in litellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The...

Malicious code in litellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The...

MAL-2026-2124 Malicious code in mgrcfg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb9b6975940ff31a6a0f6361fd93d8d361a3687103c94c011a6fdf510a2fdec The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...

Malicious code in rowrapee (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 398cfbdac2d3602a5c9836408942993c3f2bbcda911184825f01cf9937fb035e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

Malicious code in roboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b During installation, the code attempts to download and start malware. Connected with the campaign based on the time correlation and other packages published by...

MAL-2026-2121 Malicious code in roboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f04db4869c9e981873683b537f335c1f25c7c17c283315859699855a9c20816b During installation, the code attempts to download and start malware. Connected with the campaign based on the time correlation and other packages published by...

Embedded Malicious Code

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Embedded Malicious Code. Vulnerable releases of this package were compromised with malicious code that conceals a multi-stage credential stealer and persistent backdoor. A...

Malicious code in hash-utils-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939 During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly...