Logo
pypi

hash-utils-py @1.0.5

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-2118

Ecosystem

pypi

Summary

During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-hash-utils-py Reasons (based on the campaign): - exfiltration-credentials

Source: kam193 (4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.

SEE HACKTRON REVIEW → SCAN DEPENDENCIES