—
MAL-2026-6280
Malicious code in ip-rotat (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (3ecb8a355dcbe7df86e0a785d8639e85faab9a5b4bad430ae3701ffa9432a4d2) During installation, the package exfiltrates env variables
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-ip-rotat
Reasons (based on the campaign):
- exfiltration-env-variables
- The package overrides the install command in setup.py to execute malicious code during installation.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / ip-rotat
No fixed version published yet for ip-rotat (pip). Pin to a known-safe version or switch to an alternative.