356 matches found
Malicious code in thisismytest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
MAL-2026-2017 Malicious code in thisismytest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c269bbb834081025da993697e3e2e44db4a97e16e21f4c792ed85391772fa9 During installation, the package downloads and runs a remote executable, which is identified as a backdoor. It connects with a remote server and executes basic...
Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
MAL-2026-1499 Malicious code in anistream (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...
Malicious code in telegramdatas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in flowfix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...
MAL-2026-1276 Malicious code in flowfix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...
Malicious code in requests-ml-min (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
MAL-2026-1240 Malicious code in requests-ml-min (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
MAL-2026-1222 Malicious code in optimal-spark-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious code in easyreg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
MAL-2026-932 Malicious code in easyreg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2897582bf6c0c29d4fc679ee338263019a8a5d5bcb66b5ae2c59454d6c967d6a The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
Malicious code in pywin-simple-gui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 43b40c0dbbbc187822a28a401194873adc73d13e531f2789c4227374f7ec9e26 The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
MAL-2026-933 Malicious code in pywin-simple-gui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 43b40c0dbbbc187822a28a401194873adc73d13e531f2789c4227374f7ec9e26 The package pretends to be a development helper but, in fact, downloads a remote executable. Dynamic analysis reveals actions like disabling Windows Defender a...
Malicious code in polyutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
MAL-2026-928 Malicious code in polyutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in polyclawd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in clawdist (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3008887b6c2929530cd48dc996c91d70eb92432465d02f4ff28e6d5927350097 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...