Logo
pypi

bt-signal-utils @1.0.1

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-5160

Ecosystem

pypi

Summary

During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-quant-backtest-helpers Reasons (based on the campaign): - exfiltration-env-variables - exfiltration-cloud-tokens

Source: kam193 (d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.

SEE HACKTRON REVIEW → SCAN DEPENDENCIES