—

MAL-2026-6248

Malicious code in jsonschema-viewer (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (76cad60a803b91e4da8eb438787ca5f044fd3deafedef5de1fdb4e92bd8fd9e1) Package configures an entry point (command line) that executes a remote script. It then downloads a next stage malware, which acts as next dropper for a fileless malware.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-jsonschema-viewer

Reasons (based on the campaign):

- malware

- Downloads and executes a remote executable.

- Downloads and executes a remote malicious script.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / jsonschema-viewer

No fixed version published yet for jsonschema-viewer (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.virustotal.com/gui/file/bd77582bcc534db6a56f1471f8134296a5f39b90c7ec2761e14e7ccef4667ab4/detection [EVIDENCE]
https://bad-packages.kam193.eu/pypi/package/jsonschema-viewer [WEB]