VYPR
← All malware advisories

pypi · Malicious package advisory

Malware

syntaxlogger

MAL-2026-3697

Malicious code in syntaxlogger (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (ebc8a65895fc09c10b6e6bf23926076ec575582e80e084616e6779b091df947d)
When using the provided functionality, code silently downloads archives with executables to a location excluded from A scanning, and then executes them. The remote content appears to be a legitimate application manipulated via DLL poisoning to perform malicious actions.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-05-syntaxlogger


Reasons (based on the campaign):


 - Downloads and executes a remote executable.


 - action-hidden-in-lib-usage


 - malware

Compromised versions (5)

  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.1.3
  • 0.1.4

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.