VYPR
← All malware advisories

pypi · Malicious package advisory

Malware

libhmac

MAL-2026-4194

Malicious code in libhmac (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (9bb9951f337f12dd13b75c0646ac2c38680ea60f2ad841b9f102e441993c9c56)
The package is a loader of an infostealer that modifies browser extensions to intercept credentials and cryptowallet data. The installation is not automatic, the code is intended to be triggered externally, but includes hardcoded exfiltration target.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-05-libhmac


Reasons (based on the campaign):


 - crypto-related


 - exfiltration-credentials


 - exfiltration-crypto


 - exfiltration-browser-data

Compromised versions (4)

  • 0.3.0
  • 0.8.28.0
  • 0.8.28.1
  • 1.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.