—
MAL-2026-10770
Malicious code in govpkg (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6) When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-govpkg
Reasons (based on the campaign):
- Downloads and executes a remote executable.
- action-hidden-in-lib-usage
- persistence
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / govpkg
No fixed version published yet for govpkg (pip). Pin to a known-safe version or switch to an alternative.