xxoo-bale @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-3425
Ecosystem
pypi
Summary
The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigger. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-07-cas-base Reasons (based on the campaign): - Downloads and executes a remote executable. - malware - persistence
Source: kam193 (74ce2be8301ccea70138e307282fbf70ede26eede2a531296145f7d0da695b80)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.