—

MAL-2026-6489

Malicious code in extra-huggingface (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (4ebe54bed2c64bd1c1da46c59e7f1c4bb35b0ca64f9bbe5529c63a7a82eaef7c) When starting the module, package activates RAT-capabilities, which includes exfiltrating sensitive data. Though the package is claimed to be for educational usage, the name and default actions suggest different intentions.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-extra-huggingface

Reasons (based on the campaign):

- rat

- exfiltration-browser-data

- typosquatting

- native-extension

- persistence

- infostealer

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / extra-huggingface

No fixed version published yet for extra-huggingface (pip). Pin to a known-safe version or switch to an alternative.

참고

https://bad-packages.kam193.eu/pypi/package/extra-huggingface [WEB]