178 matches found
MAL-2026-5100 Malicious code in obfuscation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9a6d747918a89b433d6b670595d6b8d3049f49a69762c3e483d4f0f9dbeb81a3 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-4861 Malicious code in lib-1779997093-yjeeqn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 adfe3f8b85f731f407f8da6669a76b821b042e4ea1f2fd8fcfddf3293c2ca697 During installation, the package opens a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in ninja-core-optimizer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbe38f659a9fac5304f648aa594e12123221abd687755378f05b3efe17d6d4c7 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly maliciou...
MAL-2026-3342 Malicious code in runtime-readout (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db23da97c424ee374983aaaa3b955d423abe32f91c024f372142dc234ae522d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in protocol-stub-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3235 Malicious code in apexomni-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 497dca02206d8084e5a7e135245489a5ef9dd03f318b138574bc43386ddac0ef During installation, multiple sensitive environment variables are being exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3221 Malicious code in aocl-sparse-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8e60c160aa7b9d4e10282013603466f6d96ac166bb41e18ef043060b3b04745 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in aocl-sparse-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8e60c160aa7b9d4e10282013603466f6d96ac166bb41e18ef043060b3b04745 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @cap-js/sqlite (npm)
Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...
MAL-2026-3141 Malicious code in coinmate-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8d1f75669f5e0386a83dad52d569b6711645921989cf520b3b15c59ec26424 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3104 Malicious code in robase-ui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3090 Malicious code in bytedecs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3099 Malicious code in bytedvod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3094 Malicious code in bytedpgsql (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 645f636a2360d86d320bbf691de6457d8df8a7e066fa3fce10b8a85f8576a7a2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in buildenv-collector (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ed214a591cc269b484b5a0831e170e9db89aa33d168ab77c7826837495cd0f38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2833 Malicious code in keystackutilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2555 Malicious code in api-feature (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c86a3079da8157aef32d5d4c4f2420239981a142fc1150eb0ac2e695be2779e9 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in gd-auth (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2541 Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in customer-local-ops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef5d282201c89a99b3d50d086b0c6916792744bff406f01b7920533e43562212 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...