VDB
KO

MAL-2026-10770

Malicious code in govpkg (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (736ef874636ee77d0a5007dea41ad6329e0d5523bfeb5254930985f451a6f6f6) When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-govpkg

Reasons (based on the campaign):

- Downloads and executes a remote executable.

- action-hidden-in-lib-usage

- persistence

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / govpkg

No fixed version published yet for govpkg (pip). Pin to a known-safe version or switch to an alternative.

References