70 matches found
Malicious code in databaseroboats (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in pychatz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 adc76f6c0051f3b8b31b378b6b6078e553750338e2489de9de83315bea349657 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pacbot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77976a83e69cb239c03d7d5f13eefeaa61eaae708c066a584609d8b7d8a932bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2026 Malicious code in pipinpeace-env (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b76166abb6c7173f1cc74e41509f4ded1be2de5cea682016e00001e4e23b75a9 Package is designed to exfiltrate env variables during installation. However, it requires providing a URL as an installation parameter, which suggests it's mor...
Malicious code in perfkitbenchmarker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0983513b915ec02c736c073b1af861f5ff6b1e62bf2074b42a33e8d5fa16bb46 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1987 Malicious code in composer-dev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7be3393e5cd932abe1668adaa58f526e25b1a6ab2ef4945eadeb60e68493c7ef Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in dataflux-pytorch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 486e56ad4de2a59b9c8890d854505075b556ca6920be97f850a14c7d648f7f3b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in makenotion-ppetest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8a77a3e2f70388147c71ce781715204b49848f8a88c362506e14ecfbdff51208 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in demozecosse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in bladebit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f415139e8d21831bbadeb09351ae32306980ae4de3692fc6cafc1d72c2b99e28 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in tchap-bot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ca239020bc35efc249b5f387dc3ae473132184319b88a498ba3f7ddd9dd6dfe3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1044 Malicious code in awareness-demo-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 73d2724a4dc0c9e8d1439a29324b142a46c456e7d078ba90127777a59bf906d8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1027 Malicious code in rtxbbtyols (npm)
Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...
Malicious code in rtxbbtyols (npm)
Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...
MAL-2026-905 Malicious code in marshmellows (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92a41b4a9b9f5733eae9cfa5ca9c6802d52d803a1835820ee5098f58419fc18e Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
MAL-2026-904 Malicious code in strands-agents-anthropic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b86e2f5ba17218d5e9377627cc2c437009cc3dc7c6615c87b8317995614288c6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in osopackagepy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 999886fcc5bada14ab742719f34eef0d929a1319b6011060b7e13e1598c292f0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in code-transfering-3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 949a505895a5dcb808074bcddc1a084d12cfadb4b999712b48e012ad455ce817 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2026-97 Malicious code in robustinfer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2fd89ce9f166281f91029df8dc7595d23503a595a4baba85f1702ccf0b4e2b11 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in umap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...