CRITICAL PyPI Malware
Malicious code in mypypipkg (PyPI)
MAL-2026-3105
Description
Source: kam193 (a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677)
When run as a module, the package starts a VS Code tunnel and exfiltrates the connection link to a hardcoded target. The attacker can then connect to the VS Code instance over the internet and gain remote access to the machine as the user running the code.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-04-old-mypypipkg
Reasons (based on the campaign):
- vscode-tunnel