—

MAL-2026-6236

Malicious code in query-profile (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1) Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.

---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

- The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

- The package overrides the install command in setup.py to execute malicious code during installation.

## Source: ossf-package-analysis (668684938d648f2835b9065f86e06d3815d9c81999a32e50b6ffe61942bd7015) The OpenSSF Package Analysis project identified 'query-profile' @ 0.0.3 (pypi) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / query-profile

No fixed version published yet for query-profile (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/query-profile [WEB]