—

MAL-2026-6558

Malicious code in fsociety-tools (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (a6cc8226dddc34465de607c5b458e927a11942543cc17b30a5ca125abce2e81b) During import, package executes the embedded executable. It is an infostealer named internally as "NBSteal", focused on exfiltrating data from browsers, Telegram, Discord, Roblox and other gaming platforms, and other credentials.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-discord-token-generator

Reasons (based on the campaign):

- infostealer

- files-exfiltration

- obfuscation

- exfiltration-browser-data

- malware

- target:telegram

- exfiltration-credentials

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / fsociety-tools

No fixed version published yet for fsociety-tools (pip). Pin to a known-safe version or switch to an alternative.

References

https://www.virustotal.com/gui/file/c31597963a8e83fc068a70a6187abc4d8fb1a67b318fc20aebb298ad97377783/detection [EVIDENCE]
https://bad-packages.kam193.eu/pypi/package/fsociety-tools [WEB]