MAL-2026-10688
Malicious code in log-guru (PyPI)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (6da98c6d79df38328235bb1df969316bd484b2a02594f8656772cd9a1e48f16b) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-tennacity
Reasons (based on the campaign):
- typosquatting
- Downloads and executes a remote executable.
- The package contains code to detect if it is running in a sandbox environment.
- malware
- persistence
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for log-guru (pip). Pin to a known-safe version or switch to an alternative.
참고
- https://www.virustotal.com/gui/file/b60ead7581e0d36d47d2362a6843f6ffa3d5748fe7e3a76eef2942d13b3b0613/detection [EVIDENCE]
- https://www.virustotal.com/gui/file-analysis/ZjIzNWQzZmZhYmMyZmQ5Njg3MWI4MmQ5OTMzYTc3YzU6MTc4NDAyMjgxMA== [WEB]
- https://www.virustotal.com/gui/file/15378a183d833832b41cf28f061d6108e0145b81a8faf82f5d860828a0b99584/detection [EVIDENCE]
- https://bad-packages.kam193.eu/pypi/package/log-guru [WEB]