Skip to content

HIGHLY_SUSPICIOUS (1) package from Python Package Index.

  1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.

thispackagedoesnotexist

Affected versions: (1) 0.1.0, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0, 0.3.1, 0.3.2, 0.3.4, 0.3.7, 0.3.8, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.9, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6

  1. Version numbers are usually added automatically. In most cases, the packages listed here were created only to distribute malicious code.

Campaign data

Campaign information may not always be 100% accurate for every related package.

Campaign description

Packages contain potentially malicious, RAT-like functionality (creating reverse shell, stealing cookies, etc.), but do not run it. It could be a preparation for something or building a red-team-like tools

See more details on the campaign page.

backdoor

Campaign targets backdoor.

exfiltration_browser_data

Campaign targets exfiltration_browser_data.

exfiltration_generic

Campaign targets exfiltration_generic.

remote_commands

The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

revshell

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Look up in other services

  1. May not be available. See more in pypi-json-data repository.
  2. Open Source Insights project, provided by Google.
  3. Service from Socket.dev, a cybersecurity company.
  4. Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.
  5. Service from Snyk, a cybersecurity company.