OSV ID
MAL-2026-3132
Ecosystem
pypi
Summary
During import, the package automatically downloads and executes code that first acts as an infostealer, and then starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing remote commands, exfiltrating files, recording the screen, executing GUI actions through PyAutoGUI. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-process-support Reasons (based on the campaign): - exfiltration-generic - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - rat - spyware-like - infostealer - persistence - exfiltration-browser-data - exfiltration-crypto - files-exfiltration
Source: kam193 (8be0be5130ca45aa72ebb49b748e71aaf6998f09229910884076b5abc6a70c39)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.