kraken-trader @1.0.1

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC

Malicious

OSV ID

MAL-2026-2517

Ecosystem

pypi

Summary

The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated JavaScript code that could be executed by the Node.js runner embedded in the package. While all parts are in the package, it lacks the triggering code. As per Socket.dev attribution, it is a dependency used in the North Korean fake interview campaign.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-kraken-trader

Reasons (based on the campaign):
- crypto-related
- Downloads and executes a remote malicious script.

Source: kam193 (4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523)