pypi · Malicious package advisory
Malwaretennacity
MAL-2026-10576
Malicious code in tennacity (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (d1f457b8b07c4cda5c20b76c195faa127906578c1977fb00469c44a7a114f810) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-tennacity Reasons (based on the campaign): - malware - Downloads and executes a remote executable. - The package contains code to detect if it is running in a sandbox environment. - typosquatting - persistence
Compromised versions (3)
- 1.0.0
- 1.2.0
- 1.2.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.