OSV ID
MAL-2026-6979
Ecosystem
pypi
Summary
Starting version 1.0.7, the package contains obfuscated code and embedded binary that is executed during the import, sharing many similarities with package oxntime. The embedded seems to act as a guard for further execution, with some sandbox evasion techniques and time-based actions. Prior to 1.0.7, the package offered obfuscation techniques. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-oxntime Reasons (based on the campaign): - obfuscation - The package contains code to detect if it is running in a sandbox environment. - target:android - covering-tracks
Source: kam193 (78d60e25c1258021c4fb69a93456c76ef1157be852c7b9dc7165290ca599b0f7)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.