pypi · Malicious package advisory
Malwarepyqt6darktheme
MAL-2026-6960
Malicious code in pyqt6darktheme (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67) Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-pyqt6darktheme Reasons (based on the campaign): - cryptominer - Downloads and executes a remote executable. - malware - The package overrides the install command in setup.py to execute malicious code during installation.
Compromised versions (1)
- 0.1.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.