ggfmttygl @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-3405
Ecosystem
pypi
Summary
Package is disguised as a utility, but in fact loads encrypted code as modules. However, loading it requires knowing the decryption key which is not included in the package. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-05-ggfmttygl Reasons (based on the campaign): - obfuscation - The malicious code is intentionally included in a dependency of the package
Source: kam193 (e741cc1df48cc526ad3a27ac702f5dea403723557b4a485f84847340310d66e5)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.