pypi · Malicious package advisory
Malwarerandpicker
MAL-2026-6138
Malicious code in randpicker (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (378d07b700aa25d356594d7b1c42db107def3dbd1cce734e4c1c50b411048eb6) When calling the `Email` function, the code creates a backdoor script and attempts to achieve persistence. The script connects to a Telegram bot and awaits commands to execute. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-old-randpicker Reasons (based on the campaign): - action-hidden-in-lib-usage - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - backdoor - uses-telegram-bot - persistence - peristence-autorun
Compromised versions (1)
- 0.1.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.