timemcplib @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-3238
Ecosystem
pypi
Summary
During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing remote commands, exfiltrating files, recording the screen, executing GUI actions through PyAutoGUI. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-process-support Reasons (based on the campaign): - exfiltration-generic - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - rat - spyware-like - infostealer - persistence - exfiltration-browser-data - exfiltration-crypto - files-exfiltration
Source: kam193 (96a6c2c025f60e6c36b5c0c5325d3cd39c3d2a25f693ba82877fa73d87eb3b6f)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.