python-requirements @3.15.6
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 8:33 PM UTC
OSV ID
MAL-2026-1264
Ecosystem
pypi
Summary
The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current working directory to a remote WebDAV server or Telegram Bot. Additionally, the package targets cryptocurrency operations in another suspicious project, https://github.com/fewcatltd/zkSync/ The install_modules() method injects code into two files, which are characteristic for this repository, and causes exfiltrating configuration files during cryptocurrency exchange operations. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-old-python-module-installer Reasons (based on the campaign): - impersonation - dependency-confusion - files-exfiltration - action-hidden-in-lib-usage - clones-real-package - crypto-related - exfiltration-crypto
Source: kam193 (40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.