CRITICAL PyPI Malware
Malicious code in hello-test-s1 (PyPI)
MAL-2026-5812
Published ยท Modified
Description
__
Source: kam193 (3e38aef2a7eaa434284aa00122cf429e1a1a07658e02afec7bb3690d7cbfe9ec)
During installation or importing the module, the package starts a reverse shell to hardcoded locatiom
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-aiogram-sever-patch
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package overrides the install command in setup.py to execute malicious code during installation.
dependency-confusion
References
Ready to move
Start Securing
Free, no credit card | First findings in minutes