logutilkit @1.0.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-2120
Ecosystem
pypi
Summary
Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code was embeded in the strongly obfuscated file, which at least collected data from cryptowallets and password managers and exfiltrated them to a hardcoded remote location. The downloaded next stage varies depending on the running platform. On Windows, it's extream obfuscated script. On Linux and MacOS they are binaries, named "systemd-resolved" and "com.apple.systemevents" with clear signs of stealing browsers and cryptocurrency data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-license-utils-kit Reasons (based on the campaign): - infostealer - obfuscation - crypto-related - action-hidden-in-lib-usage - exfiltration-credentials - clones-real-package
Source: kam193 (25a26f2dc6e0a8e2ba3bd43492fbffa597b39065e3f3378ea976dcabddf8fbf8)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.