VYPR
← All malware advisories

pypi · Malicious package advisory

Malware

hackling

MAL-2026-3665

Malicious code in hackling (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (cf12b321da2b42ce2302bdccbb35304c4f4a47c7a5e273076467b269982c480f)
Package automatically exfiltrate information about the system, including potentially sensitive data.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-05-hackling


Reasons (based on the campaign):


 - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.


 - exfiltration-env-variables

Compromised versions (2)

  • 1.0.0
  • 1.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.