375 matches found
Malicious code in playwrightr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e165b925f82629524e611c81597c32a171df7cec246dc73f268d8192ccbe2c5 setup.py registers a CustomInstallCommand that runs automatically on pip install under Windows. It uses WinHTTP via ctypes to fetch a binary from...
Malicious code in pyqt6darktheme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67 Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining --- Category: MALICIOUS - The campaign has...
Malicious code in httpprobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb46b890b54f51f3a98c1935dbd50e143430757c5daf4080039d32865b04c1d5 The package advertises itself as an 'HTTP probing tool for security researchers' but contains no HTTP-probing functionality. Its only behavior is to...
Malicious code in bytekit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...
Malicious code in schemavault (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ae0aa9efa2a8389cfe9d5c41d5ab3689f4965c945a24613493f94f9de033ab1 schemavault 4.1.0 is presented as a schema-validation library but ships capabilities and data that have no relationship to schema validation...
Malicious code in procwire (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f7077b3fb95ad31689f096805811e51afe78e7f21c2123d5dcc25343a11ff2 setup.py auto-executes on pip install only guarded by an internal PWDIST env var check and, on Windows, reconstructs an attacker C2 URL and XOR key a...
MAL-2026-6749 Malicious code in ipa-user-collector (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2df148f70b40274f48d5bc4d8ea5a97bb434a743cf7a5c1b271a5a5cd7fa3907 During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...
Malicious code in ipa-user-collector (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5719ec23d0195e518782dbc26a8a05b54fd827d1ec18d41619d163f7175eaa28 The package ships an empty runtime module src/ipausercollector/init.py contains only version but overrides setup.py cmdclass for install, develop, an...
MAL-2026-6748 Malicious code in haproxy-config-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f70d07844bca4fadfcedb195f5768c8a95318af4d62a4bcec94556b99b72c4ad During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...
Malicious code in haproxy-config-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f86ffde45262c5d45a24458a85116ab5ca80451ce3d3159f9d7cad6599ad145 setup.py registers install, develop, and egginfo command hooks that run a routine which XOR-0x5A-decodes a list of attacker-controlled Cloudflare...
Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
MAL-2026-6515 Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
MAL-2026-6208 Malicious code in fastercoding (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c302e448868fcff3110a45d20b53d9d887cfb5aa31bb66df90702f2767246b4 The package exposes a single public function run re-exported from init.py which, on Windows, downloads BackgroundSyncService.exe from...
Malicious code in fastercoding (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c302e448868fcff3110a45d20b53d9d887cfb5aa31bb66df90702f2767246b4 The package exposes a single public function run re-exported from init.py which, on Windows, downloads BackgroundSyncService.exe from...
MAL-2026-6206 Malicious code in fastercode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14de4534d4cf2290f5f54bc5929fa799b73dff2e6a03aa879ade141dfc6ea054 The package advertises itself as a Python performance helper "Make your Python code run faster" and exposes a single public function run. On Windows,...
Malicious code in boardflow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7f48df7609edb5bab9d9e572f093994d071165578a58032a69392d62b08b86 On pip install boardflow, setup.py spawns a background thread that fetches http://pooron.org/test.exe over plain HTTP into the OS temp directory and...
Malicious code in temp-development-package-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f3eeecfabfcb249c5f6ec2a20824355ac313ab18c677334076ca9501607ec8 At install time, setup.py invokes installsitecustomize, which copies src/tempdevelopmentpackagetest/setup/sitecustomize.py into Python's purelib...
Malicious code in myfirstpackagetestaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5875 Malicious code in myfirstpackagetestaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5874 Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...