—

MAL-2026-6206

Malicious code in fastercode (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (1c2793304d30de27278e36f79685e9ca60f9f839d7a27d2ea39d8d22e36a8584) The package contains code to download and run a malicious executable. The executable contains a remote access trojan controlled via Telegram bot, with capabilities like a keylogger, screen recording, command execution. It also attempts to gain persistence via startup registry keys.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-fastercode

Reasons (based on the campaign):

- Downloads and executes a remote executable.

- peristence-autorun

- uses-telegram-bot

- keylogger

- rat

- spyware-like

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fastercode

No fixed version published yet for fastercode (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.virustotal.com/gui/file/85b5a4b34b8511367e9c9d230110e55eb811936db0cb6667ced4d25ce2e4d99a/detection [EVIDENCE]
https://bad-packages.kam193.eu/pypi/package/fastercode [WEB]