Skip to content

MALICIOUS (1) package from Python Package Index.

  1. The campaign has clearly malicious intent, like infostealers.

alembic-util

Affected versions: (1) 0.189.33

  1. Version numbers are usually added automatically. In most cases, the packages listed here were created only to distribute malicious code.

Campaign data

Campaign information may not always be 100% accurate for every related package.

Campaign description

During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating crypto wallets and browsers data. Likely continuation of 2026-05-py-requests

See more details on the campaign page.

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

exfiltration_browser_data

Campaign targets exfiltration_browser_data.

exfiltration_crypto

The package attempts to steal sensitive cryptocurrency-related data, like wallet keys.

infostealer

Activity is typical for information stealers, i.e. by exfiltrate various sensitive data from the victim's environment.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

persistence

Campaign targets persistence.

remote_script

Downloads and executes a remote malicious script.

typosquatting

The package name is an typosquatting variant of a popular package.

Look up in other services

  1. May not be available. See more in pypi-json-data repository.
  2. Open Source Insights project, provided by Google.
  3. Service from Socket.dev, a cybersecurity company.
  4. Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.
  5. Service from Snyk, a cybersecurity company.