Malicious
OSV ID
MAL-2026-3131
Ecosystem
pypi
Summary
During import, the package downloads and executes obfuscated code. It appears to be an infostealer framework --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-kcvlib Reasons (based on the campaign): - obfuscation - Downloads and executes a remote malicious script. - infostealer
Source: kam193 (4a441a8e0abdd54964ca9e0a5e3a1d0e0c0435f05d80ab9e9210e10194a16f3d)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.