—

MAL-2026-6208

Malicious code in fastercoding (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (9dd11cd3c57bf0f46158fd84d7243184d4bd5780e17f49d90f1721e6d0a8f8a1) The package contains code to download and run a malicious executable. The executable contains a remote access trojan controlled via Telegram bot, with capabilities like a keylogger, screen recording, command execution. It also attempts to gain persistence via startup registry keys.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-fastercode

Reasons (based on the campaign):

- Downloads and executes a remote executable.

- peristence-autorun

- uses-telegram-bot

- keylogger

- rat

- spyware-like

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fastercoding

No fixed version published yet for fastercoding (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.virustotal.com/gui/file/85b5a4b34b8511367e9c9d230110e55eb811936db0cb6667ced4d25ce2e4d99a/detection [EVIDENCE]
https://bad-packages.kam193.eu/pypi/package/fastercoding [WEB]