transaction-analysis @1.0.2
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2025-3010
Ecosystem
pypi
Summary
Package contains obfuscated code that exfiltrates basic data and waits for commands from the remote server to execute. This is a malicious copy of the legitimate https://pypi.org/project/coinanalyse/ package.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-02-coinanalyze
Reasons (based on the campaign):
- backdoor
- typosquatting
- obfuscation
- clones-real-package
- crypto-related
- The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
Source: kam193 (49ab525dda997f7abc07f4ef30a62443e40a0f01e218b74d6db9b378fe51f2a4)