VYPR

pypi · Malicious package advisory

Malware

randpicker

MAL-2026-6138

Malicious code in randpicker (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (378d07b700aa25d356594d7b1c42db107def3dbd1cce734e4c1c50b411048eb6)
When calling the `Email` function, the code creates a backdoor script and attempts to achieve persistence. The script connects to a Telegram bot and awaits commands to execute.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-06-old-randpicker


Reasons (based on the campaign):


 - action-hidden-in-lib-usage


 - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.


 - backdoor


 - uses-telegram-bot


 - persistence


 - peristence-autorun

Compromised versions (1)

  • 0.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.