356 matches found
MAL-2025-191868 Malicious code in singtok (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 20dad294eb5c742d0044f1dde01f51646f0b34a86a7cb86c84547981276f46ce Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...
MAL-2025-191899 Malicious code in tiksing (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef883e1ad19e5cbeafdda023c535abc9a14f84f81dce26e06d9f10bf77013ab5 Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...
MAL-2025-191869 Malicious code in sintok (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...
Malicious code in network-utils-simple (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d During installation, there is an attempt to download and execute code. The package has no real functionality. --- Category: MALICIOUS - The campaign has clearl...
Malicious code in requesr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
MAL-2024-12338 Malicious code in requesr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
Malicious code in my-main-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282 While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. Th...
MAL-2024-12308 Malicious code in my-main-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ac004ff76ebc011d60ae86c56b7f57ddb6ac0d24ff0ddd9ad777319775f79282 While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. Th...
MAL-2024-12309 Malicious code in my-service-manager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 58c8e4c726cef11c6d7d60916210f532060a6ff7a98bb7fea5872eb10335dd5d While the package appears to be a manager for Windows service, the linked executable is an infostealer with capabilities like cookie stealing ang keylogger. Th...
Malicious code in catme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in backwwii (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0 When importing the module, the obfuscated code downloads and runs a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2024-12212 Malicious code in backwwii (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0 When importing the module, the obfuscated code downloads and runs a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in colourfulls (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...
MAL-2024-12246 Malicious code in colourfulls (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11 Once imported, the module attempts to download an executable, put into Discord directory and most probably trick discord to start it. The download link does no...
Malicious code in cblines (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 80531e39cd96b75b32c7549840f7bc6984377765d9f9f663c0b560332b4e1b84 Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in pymatcha (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...
MAL-2024-12332 Malicious code in pymatcha (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in juphelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 11cd911a4d43440f44f1eadb92d5d8deda2dc85af9e4a5cf9b99e90918ffad07 Once run, downloads and install from sleipnirbrowser.org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some ki...
Malicious code in jupphelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dcda51f3ac0b82ef824630ce053d4dc42aa2021baf16e476ca83ef8d7f7c1cab Once run, downloads and install from sleipnirbrowser.org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some ki...
MAL-2024-12297 Malicious code in jupsolhelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1bc1615518392665ccc36d8c24a0e8e57ffce1147dfc8604c723513c28061743 Once run, downloads and install from sleipnirbrowser.org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some ki...