New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
CRITICAL PyPI Malware

Malicious code in httpprobe (PyPI)

MAL-2026-6758

Published · Modified

Description


__

Source: kam193 (5a1fef079efe68484b2d37fb2e1bb3d0cebfeccf27a8a0f9b1e8436e664ea42e)

If run as a module and during installation, the package attempts to download and start an executable described as a Mirai agent. During analysis, the Onion website hosting executable was not available. Using Onion and localhost fallback suggests the package was not yet ready to deliver malicious actions to the end users.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-httpprobe

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Ready to move

Start Securing

Free, no credit card | First findings in minutes