MAL-2026-10020
Malicious code in playwrightr (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (0e8219b6ae0da7b60916526489bcd2f364db415113ff878ea52050127dfa37b9) Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-pyqt6darktheme
Reasons (based on the campaign):
- cryptominer
- Downloads and executes a remote executable.
- malware
- The package overrides the install command in setup.py to execute malicious code during installation.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for playwrightr (pip). Pin to a known-safe version or switch to an alternative.
References
- https://tria.ge/260708-eg92psat5t [EVIDENCE]
- https://www.virustotal.com/gui/file/93be0d295af944feef85c8694f88a50b660f106a5ed18300252a72d8b43b69de/detection [EVIDENCE]
- https://www.virustotal.com/gui/file/1f1963b8ccabbb9aaae9ce93b78d91f4f01faf0a21aed8e71b2adece16f8d5e6/detection [EVIDENCE]
- https://bad-packages.kam193.eu/pypi/package/playwrightr [WEB]