VYPR

pypi · Malicious package advisory

Malware

tennacity

MAL-2026-10576

Malicious code in tennacity (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (d1f457b8b07c4cda5c20b76c195faa127906578c1977fb00469c44a7a114f810)
The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-07-tennacity


Reasons (based on the campaign):


 - malware


 - Downloads and executes a remote executable.


 - The package contains code to detect if it is running in a sandbox environment.


 - typosquatting


 - persistence

Compromised versions (3)

  • 1.0.0
  • 1.2.0
  • 1.2.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.