OSV ID
MAL-2026-3145
Ecosystem
pypi
Summary
During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing remote commands, exfiltrating files, recording the screen, executing GUI actions through PyAutoGUI. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-process-support Reasons (based on the campaign): - exfiltration-generic - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - rat - spyware-like - infostealer - persistence - exfiltration-browser-data - exfiltration-crypto - files-exfiltration
Source: kam193 (1f3a9539cc4ef3e4b515404ac4b13179d37a09923c8fd90a06f4b751ed397d9c)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.