—
MAL-2026-3411
Malicious code in web3-py-checksum (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a) The code silently exfiltrates the private key of a crypto account.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-old-web3-py-checksum
Reasons (based on the campaign):
- crypto-related
- exfiltration-crypto
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / web3-py-checksum
No fixed version published yet for web3-py-checksum (pip). Pin to a known-safe version or switch to an alternative.