—

MAL-2026-5776

Malicious code in fastgptmini (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (3cca907106c3dceb5276e9bdbf8799367b44df9e12fe12098dd3ed215bb4f3b0) During installation, the code downloads an obfuscated script, which attempts to tamper with Defender exclusions paths and then downloads a malicious executable

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-fastgptmini

Reasons (based on the campaign):

- Downloads and executes a remote executable.

- malware

- The package overrides the install command in setup.py to execute malicious code during installation.

- obfuscation

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fastgptmini

No fixed version published yet for fastgptmini (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.virustotal.com/gui/file-analysis/ZjYxZmY4ZjFhNjIxMzI2ZTY1NmUxNThkMWNlYTE0M2M6MTc4MTUyMzQzMw== [WEB]
https://www.virustotal.com/gui/file/9e731bb85408c1b34c5f7fd6518b3590983ac5e95793dee0f1af390ac288ed47/detection [EVIDENCE]
https://bad-packages.kam193.eu/pypi/package/fastgptmini [WEB]