—

MAL-2026-5812

Malicious code in hello-test-s1 (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (3e38aef2a7eaa434284aa00122cf429e1a1a07658e02afec7bb3690d7cbfe9ec) During installation or importing the module, the package starts a reverse shell to hardcoded locatiom

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-12-aiogram-sever-patch

Reasons (based on the campaign):

- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

- The package overrides the install command in setup.py to execute malicious code during installation.

- dependency-confusion

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / hello-test-s1

No fixed version published yet for hello-test-s1 (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/hello-test-s1 [WEB]