
MAL-2026-4828

Malicious code in hmacsync (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (d361ffcded0fc3d88b5095d800b13b3f8a07a581e8003c30bfcf9887eb71243f)

The package is a new version of the previously removed libhmac. The key part, a malicious payload to inject into hijacked browser extensions, is not included in the package. The code allows hijacking browser extensions to, based on the previous package, exfiltrate credentials. This package also contains code to create hidden SSH access to the machine with hardcoded credentials.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-libhmac

Reasons (based on the campaign):

- crypto-related

- exfiltration-credentials

- exfiltration-crypto

- exfiltration-browser-data


Affected packages

PyPI / hmacsync

No fixed version published yet for hmacsync (pip). Pin to a known-safe version or switch to an alternative.

References