—

MAL-2026-6244

Malicious code in d0rk3r-telemetry (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (1f9f4d4943d02f9c78e513a75b4b0fcfd47d1e0486e79df9fe52f2112d840163) During import, package exfiltrates browsers data, SSH keys and other credential files, env variables and other sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-request-cache-py

Reasons (based on the campaign):

- infostealer

- exfiltration-env-variables

- exfiltration-ssh-keys

- impersonation

- A Telegram webhook is used to send collected data.

- exfiltration-browser-data

- The package contains code to detect if it is running in a sandbox environment.

- exfiltration-credentials

- The malicious code is intentionally included in a dependency of the package

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / d0rk3r-telemetry

No fixed version published yet for d0rk3r-telemetry (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/d0rk3r-telemetry [WEB]