asciitoart @0.1.4
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-2624
Ecosystem
pypi
Summary
Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious code, the package covers the tracks by overwriting all relevant code files. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-11-asn1tool Reasons (based on the campaign): - obfuscation - dependency-confusion - typosquatting - clones-real-package - infostealer
Source: kam193 (d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.