ninja-core-utils @1.2.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-3372
Ecosystem
pypi
Summary
During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-05-ninja-core-utils Reasons (based on the campaign): - The package overrides the install command in setup.py to execute malicious code during installation. - obfuscation - crypto-related - exfiltration-crypto - backdoor
Source: kam193 (65af5eaa02abf860465d0ee9e11d7b10e3e1e36473aec951f8c1ea38ed8a8560)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.