VYPR

pypi · Malicious package advisory

Malware

manin

MAL-2026-6978

Malicious code in manin (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (3234643a550a8e121b7f2cbee42e45fa90604a95258babd0b8a602ee97cf3045)
Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated.


---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.


Campaign: GENERIC-beacon-dependency-confusion


Reasons (based on the campaign):


 - typosquatting


 - dependency-confusion

Compromised versions (3)

  • 0.0.1
  • 0.1.0
  • 0.1.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.