timesmcplib @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-3240
Ecosystem
pypi
Summary
During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing remote commands, exfiltrating files, recording the screen, executing GUI actions through PyAutoGUI. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-04-process-support Reasons (based on the campaign): - exfiltration-generic - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - rat - spyware-like - infostealer - persistence - exfiltration-browser-data - exfiltration-crypto - files-exfiltration
Source: kam193 (da06df6b9831a400bbf6f90e6ae20c8633f5ca98f71ca4927cbc0647ec6ccb17)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.