VYPR
← All malware advisories

pypi · Malicious package advisory

Malware

trickery

MAL-2026-3698

Malicious code in trickery (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5)
Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not automatically activated. Once started, it can execute commands from C2 and exfiltrate data.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2025-06-old-trickery


Reasons (based on the campaign):


 - backdoor


 - files-exfiltration


 - peristence-autorun


 - Downloads and executes a remote malicious script.


 - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Compromised versions (2)

  • 1.0.0
  • 1.0.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.