—

MAL-2026-6246

Malicious code in d0rk3r (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (d0d4cf20ac250e3d7a23666cf8bc3ae722d555b982649dad3f615d9c7c8818d9) The package declares malicious dependencies. Their activity is however not triggered as since version 1.0.4, the packages releases lack any source code. Malicious dependency was first introduced in version 1.0.5, but the package is likely prepared to be a loader of malicious code from very begining.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-request-cache-py

Reasons (based on the campaign):

- infostealer

- exfiltration-env-variables

- exfiltration-ssh-keys

- impersonation

- A Telegram webhook is used to send collected data.

- exfiltration-browser-data

- The package contains code to detect if it is running in a sandbox environment.

- exfiltration-credentials

- The malicious code is intentionally included in a dependency of the package

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / d0rk3r

No fixed version published yet for d0rk3r (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/d0rk3r [WEB]