VDB
KO

MAL-2026-6758

Malicious code in httpprobe (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (5a1fef079efe68484b2d37fb2e1bb3d0cebfeccf27a8a0f9b1e8436e664ea42e) If run as a module and during installation, the package attempts to download and start an executable described as a Mirai agent. During analysis, the Onion website hosting executable was not available. Using Onion and localhost fallback suggests the package was not yet ready to deliver malicious actions to the end users.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-httpprobe

Reasons (based on the campaign):

- Downloads and executes a remote executable.

- The package overrides the install command in setup.py to execute malicious code during installation.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / httpprobe

No fixed version published yet for httpprobe (pip). Pin to a known-safe version or switch to an alternative.

References