fsociety-tools @1.0.2
Vulnerability report · Last retrieved from osv.dev June 28, 2026 at 11:54 PM UTC
OSV ID
MAL-2026-6558
Ecosystem
pypi
Summary
During import, package executes the embedded executable. It is an infostealer named internally as "NBSteal", focused on exfiltrating data from browsers, Telegram, Discord, Roblox and other gaming platforms, and other credentials. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-discord-token-generator Reasons (based on the campaign): - infostealer - files-exfiltration - obfuscation - exfiltration-browser-data - malware - target:telegram - exfiltration-credentials
Source: kam193 (a6cc8226dddc34465de607c5b458e927a11942543cc17b30a5ca125abce2e81b)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.