Skip to content

Bad packages

2026-04-old-mypypipkg

kam193/package-campaigns

MALICIOUS (1) campaign cataloged at 2026-04-27(2).

The campaign has clearly malicious intent, like infostealers.
This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-04-old-mypypipkg¶

When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the VSCode instance online and gain remote access to the machine as the user running the code.

Abuse categories¶

vscode-tunnel

Campaign uses vscode-tunnel.

Packages in the campaign¶

campaign:2026-04-old-mypypipkg¶

mypypipkg