MAL-2026-10195
Malicious code in eth-agent (PyPI)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (0268950ea20e5566a61026409820d6a1d4ac4d462f475ae4589c72390042fec6) During import, the code downloads and executes a remote script. The script collects sensitive files, including cryptocurrency wallet private keys and seeds, SSH keys, dotenv files and uploads them to IPFS. After that, it communicates with C2 and awaits further commands to execute.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-metemask-sdk
Reasons (based on the campaign):
- files-exfiltration
- typosquatting
- exfiltration-ssh-keys
- crypto-related
- Downloads and executes a remote malicious script.
- exfiltration-crypto
- The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
- uses:ipfs
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for eth-agent (pip). Pin to a known-safe version or switch to an alternative.