OSV ID
MAL-2026-2106
Ecosystem
pypi
Summary
During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to exfiltrate some basic information using DNS requests and then likely covers its tracks by installing a similarly named package from a private repository.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-urllib-slim

Reasons (based on the campaign):
- typosquatting
- Downloads and executes a remote executable.
- obfuscation
- dependency-confusion
Source: kam193 (895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3)