pypi

parsimonius @0.12.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-5151

Ecosystem

pypi

Summary

Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious action does not start if the geolocation or timezone suggests a Russian area.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-parsimonius

Reasons (based on the campaign):

- typosquatting
- exfiltration-env-variables
- The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
- rat
- clones-real-package
- abuses-pth
- geo-restricted
- uses-telegram-bot

Source: kam193 (a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a)
