VDB
KO

MAL-2026-10689

Malicious code in pylogora (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (b01e8dfbdf9823541eee73bd52086cac9e0ea70246992afe74873372b5d6a293) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-tennacity

Reasons (based on the campaign):

- typosquatting

- Downloads and executes a remote executable.

- The package contains code to detect if it is running in a sandbox environment.

- malware

- persistence

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pylogora

No fixed version published yet for pylogora (pip). Pin to a known-safe version or switch to an alternative.

References