Malicious code in textwrap-toolkit-stager (PyPI)

---

__

Source: amazon-inspector (9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4)

On import textwrap_toolkit_stager, the package's __init__.py unconditionally fetches Python source from http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py via urllib.request.urlopen and passes the response bytes directly to exec(code_bytes, {"__name__": "__main__"}). The fetch uses a bare IP over plaintext HTTP, with no version pinning, no hash verification, and errors silently swallowed. Any process that imports this package executes attacker-controlled Python code from 194.5.152.9 with the full privileges of the importing user. The package's advertised purpose ('lightweight utility for advanced text wrapping') has no implementation in the shipped code — the module's sole behavior is the remote stager. The package name itself self-describes the intent ('stager').

Source: kam193 (b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887)

During import, package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports back the IP of the current environment. After that, the code also attempts to exfiltrate cryptocurrency wallet data

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-textwrap-toolkit-stager

Reasons (based on the campaign):

• backdoor

• obfuscation

• Downloads and executes a remote malicious script.

• crypto-related

• exfiltration-crypto