VDB
KO

MAL-2026-10576

Malicious code in tennacity (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (d1f457b8b07c4cda5c20b76c195faa127906578c1977fb00469c44a7a114f810) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-tennacity

Reasons (based on the campaign):

- malware

- Downloads and executes a remote executable.

- The package contains code to detect if it is running in a sandbox environment.

- typosquatting

- persistence

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tennacity

No fixed version published yet for tennacity (pip). Pin to a known-safe version or switch to an alternative.

References