OSV ID
MAL-2026-1544
Ecosystem
pypi
Summary
The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it's not always present Given the time correlation, it's likely armored continuation of 2026-03-robloxapi-testy --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-rowrap Reasons (based on the campaign): - Downloads and executes a remote malicious script. - malware
Source: kam193 (606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.