9169 matches found
Malicious code in web3toolkit-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bdfcb6d5feffbd89fd13ed27d03b0bf7c14970f09ceeb202f8b36703fec6e907 Code monitors the clipboard and when detects a cryptocurrency wallet, attempts to overwrite it with the own address. --- Category: MALICIOUS - The campaign has...
Malicious code in graphdict (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6536224bd962025c65671a0007df1998dbc9485dfb2d628b0a0d57ab916487e Malicious clone of legitimate networkx package with added hidden encrypted code. The exact behaviour unclear as it uses decryption key based on the arguments a...
MAL-2025-6515 Malicious code in graphdict (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6536224bd962025c65671a0007df1998dbc9485dfb2d628b0a0d57ab916487e Malicious clone of legitimate networkx package with added hidden encrypted code. The exact behaviour unclear as it uses decryption key based on the arguments a...
Malicious code in cryptob (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0ee1f01fb1d9fe3ac1d88bec06c858d0c3e33f2531e7ca1afb30177f0b85e84 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
Malicious code in cryptoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f63e4b5c515be094f240f956e15464da0258bdd6948006f25419be60138b4764 Importing starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cryptoo Reasons based...
Malicious code in tq95 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 abb1e0b01bcc48bdbb798a617be723bf433722a7bede307de21214a92d569949 Importing the module starts an infostealer exfiltrating browser data, passwords, crypto wallets and implants a Discord stealer. --- Category: MALICIOUS - The...
Malicious code in cloudscrapersafe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2420d6a750823b640af4d97d3a2a26383ce9e32d3ac266e4792675e8beb9b806 During processing the user requests, the package looks for URLs related to checkouts using services: - credomatic.compassmerchantsolutions.com -...
Malicious code in pipmodule823 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57b078ffca6f219848df2289282933442be06a2932d0d163ede59fe4a533faca If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...
Malicious code in pipmodule83 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95b01ea01a7fd1ff5e52491e6b143aa98f45a6f331814222fe38e76ad3ac0863 If run as a module, the package downloads and executes a remote script. At the time of check, the remote script was just opening a popup; thus it's not...
Malicious code in malimaloo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cfbfc14d4873b047e472e26b760198ecc402eb1ed35d59ab3ace8dc31936690f The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
Malicious code in malimalo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b4acdcbd7f8ae1e20019b3c0126a4b5bac73cb07a6bc4c0c3a024bc2a390b34 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
MAL-2025-6542 Malicious code in malimaloo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cfbfc14d4873b047e472e26b760198ecc402eb1ed35d59ab3ace8dc31936690f The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
Malicious code in malinssx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec1d3e0940a3c37917b528689547d3728f9f3d0b9e408acc7dcc67435c09d2b0 The only goal of the package is to execute a webhook or a suspicious file during installation. Closely related to 2025-07-0x9xnx - created after previous...
Malicious code in hellotesthim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a7a4369b02deb0d2a9cf1340be0efe760e29f7979e3f7361ba029a282b70597f Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
MAL-2025-6544 Malicious code in malipkghehe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7d87e6aa802f74ebffe0dd2741a513b40db41629d41828bf5b9847ca87e7609e Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
MAL-2025-191733 Malicious code in fonafx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Malicious code in malipkghehe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7d87e6aa802f74ebffe0dd2741a513b40db41629d41828bf5b9847ca87e7609e Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
Malicious code in rehttps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 08172961784989f62b2b0793fa7686e1c25883883f790293df61591aa2fc6940 During installation, package attempts to download and starts an executable. The package itself is a clone of requests --- Category: MALICIOUS - The campaign ha...
Malicious code in walletsdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 24b8f8046f66b9996b1f2169f1034b1c35f0760e09d4e91e712d0b3a36a88d6e Package silently exfiltrates the provided mnemonic --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in walletsutils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 98651db61cea6613aac5b784cf567a82461f39c8cfa2c7634504ea2708989408 Package silently exfiltrates the provided mnemonic --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...