MAL-2026-6728
Malicious code in dt-validator (PyPI)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (0fc0256380d811cdce05ffa9c3644a5f7e4ebd6f7acfce0f955935b42449b17a) Code contains a function to execute remote code, which at the time of analysis was extracting the "auth_user" table from Django DB. The remote code execution is partially documented and disguised with multiple warnings, but a) the 'convenience function' uses a hardcoded endpoint and loads results to the global namespace, b) the warnings are silenced by default.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-dt-validator
Reasons (based on the campaign):
- Downloads and executes a remote malicious script.
- action-hidden-in-lib-usage
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for dt-validator (pip). Pin to a known-safe version or switch to an alternative.