pypi

timermcp @1.0.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-3231

Ecosystem

pypi

Summary

During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing remote commands, exfiltrating files, recording the screen, executing GUI actions through PyAutoGUI.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-process-support

Reasons (based on the campaign):

- exfiltration-generic
- The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
- rat
- spyware-like
- infostealer
- persistence
- exfiltration-browser-data
- exfiltration-crypto
- files-exfiltration

Source: kam193 (a3fb8935c61e214bb5bdfe858c15d8d00fce16ae5a8ee00d88af7c1aa363e656)
