—
MAL-2026-6182
Malicious code in fluent-panel-metrics (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (5070e6c32009ce1bb1f2f499ab4e0012123e7aeed52828d107825ecdacd6d678) During import, the package starts a reverse shell.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-acme-widget-layout-utils
Reasons (based on the campaign):
- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / fluent-panel-metrics
No fixed version published yet for fluent-panel-metrics (pip). Pin to a known-safe version or switch to an alternative.