VDB
EN

MAL-2026-10688

Malicious code in log-guru (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (6da98c6d79df38328235bb1df969316bd484b2a02594f8656772cd9a1e48f16b) The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-tennacity

Reasons (based on the campaign):

- typosquatting

- Downloads and executes a remote executable.

- The package contains code to detect if it is running in a sandbox environment.

- malware

- persistence

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / log-guru

No fixed version published yet for log-guru (pip). Pin to a known-safe version or switch to an alternative.

참고