Malicious
OSV ID
MAL-2026-2666
Ecosystem
pypi
Summary
When used, the package silently loads code with an infostealer focused on Discord data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-moooo Reasons (based on the campaign): - exfiltration-generic - exfiltration-credentials - infostealer - action-hidden-in-lib-usage
Source: kam193 (110e4d99f41d1dd4567651dc21115f1793e5e2eab0e12d24ea5a433cdea87f1c)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.