MAL-2026-10576
Malicious code in tennacity (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (d1f457b8b07c4cda5c20b76c195faa127906578c1977fb00469c44a7a114f810) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-tennacity
Reasons (based on the campaign):
- malware
- Downloads and executes a remote executable.
- The package contains code to detect if it is running in a sandbox environment.
- typosquatting
- persistence
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for tennacity (pip). Pin to a known-safe version or switch to an alternative.
References
- https://www.virustotal.com/gui/file/b60ead7581e0d36d47d2362a6843f6ffa3d5748fe7e3a76eef2942d13b3b0613/detection [EVIDENCE]
- https://www.virustotal.com/gui/file-analysis/ZjIzNWQzZmZhYmMyZmQ5Njg3MWI4MmQ5OTMzYTc3YzU6MTc4NDAyMjgxMA== [WEB]
- https://www.virustotal.com/gui/file/15378a183d833832b41cf28f061d6108e0145b81a8faf82f5d860828a0b99584/detection [EVIDENCE]
- https://bad-packages.kam193.eu/pypi/package/tennacity [WEB]