CRITICAL PyPI Malware
Malicious code in fetchapi-syncdata-pypi (PyPI)
MAL-2026-3133
Published · Modified
Description
Source: kam193 (d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49)
The package contains code to download and start a malicious executable. It is disguised under a name similar to those of Windows services. In the analyzed versions, the code was not started automatically, suggesting it is just one part of a campaign. Based on the dynamic analysis, the executable is likely an infostealer.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-04-fetch-data-api-syncapi
Reasons (based on the campaign):
Downloads and executes a remote executable.
malware
References
- EVIDENCE https://www.virustotal.com/gui/file/7f6bb9cb5118cde0e476e4a41e6bd31027b2cc3b678112e25da3c68e2421a8a6/detection
- WEB https://www.virustotal.com/gui/file-analysis/NmFjNTE4MGI3NjRhM2Y3YTZlMzM2ZmFhN2ZmY2E4ZWE6MTc3NzQwMTUxMA==
- EVIDENCE https://app.any.run/tasks/58f6c7bd-daf7-4b02-ace3-a113a62f0c4f
- WEB https://bad-packages.kam193.eu/pypi/package/fetchapi-syncdata-pypi