Malicious code in fastgptmini (PyPI)

MAL-2026-5776

Published Jun 15, 2026 · Modified Jun 15, 2026

Description

Source: kam193 (3cca907106c3dceb5276e9bdbf8799367b44df9e12fe12098dd3ed215bb4f3b0)

During installation, the code downloads an obfuscated script, which attempts to tamper with Defender exclusions paths and then downloads a malicious executable

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-fastgptmini

Reasons (based on the campaign):

Downloads and executes a remote executable.
malware
The package overrides the install command in setup.py to execute malicious code during installation.
obfuscation

References

WEB https://www.virustotal.com/gui/file-analysis/ZjYxZmY4ZjFhNjIxMzI2ZTY1NmUxNThkMWNlYTE0M2M6MTc4MTUyMzQzMw==
EVIDENCE https://www.virustotal.com/gui/file/9e731bb85408c1b34c5f7fd6518b3590983ac5e95793dee0f1af390ac288ed47/detection
WEB https://bad-packages.kam193.eu/pypi/package/fastgptmini

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes