MAL-2026-4358 Malicious code in mistral-search-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f3c615d5d39af7634550be88e5630a25b7a3dbd5bd2a8717cb01f07f06a5cd2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4354 Malicious code in mistral-workflows-plugins-mistralai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 012c4d9df9467f9847a67be15a746ea186f36d3310d278ca9409d531f5026e12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-3619 Malicious code in txwrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72b4db77d156fffbfdf3253cda39d73180fda419676d356fdbc217130c289549 During importing, the remote code is downloaded. It then exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new...

MAL-2026-2538 Malicious code in bogus-nydus-op (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc5b423ccd6e29bde31dc5123f2e888f3eaedc3fddf020aab581d2b8e64cc8a8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2178 Malicious code in lm-sys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69240e51e47ad6f05a6d2e98047b80c3beb9f2e05d1449b50606c812b9eb1c1e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192992 Malicious code in umap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...

MAL-2025-192962 Malicious code in rippling-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bac12bb851f49ac4801addcf6964c854abe90430140d3e75e4eefcd4c7cf1bf0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in fonafx (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...

Malicious code in test-packages1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c5608702af52a2ca19f0b384036f76248848f4b4ddbe582631d85b3f5e77dca Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in artifact-lab-3-package-438d82fc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fb5b4138d768e7efb48da60b6d89cdb6d3e2b6dfd97a4848d38ea24ca106af84 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...

Malicious code in c8tks94kspjyhtb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55ea5b13a1064ea6ada9f0d6ac879a6b269b476871734f578f6c097a5baa73f3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...