MAL-2026-2309
--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f) During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-thisismytest123 Reasons (based on the campaign): - Downloads and executes a remote executable. - backdoor - malware ## Source: ossf-package-analysis (517f20d2093597e92a397fc04e64a0bf27ba6ce0ca20799cba922a76133594fe) The OpenSSF Package Analysis project identified 'zzzzthisisitwantsafecheckitzzzz' @ 1.0.0 (pypi) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | zzzzthisisitwantsafecheckitzzzz | 1.0.0 |
Timeline
- Mar 31, 2026 CVE Published
- Mar 31, 2026 CVE Updated
References
- https://www.virustotal.com/gui/file/d06d2288d3aa76675947137279e6db4d5a31d3ab3a46720d15df4c4d2d52b9d3/detection evidence
- https://www.virustotal.com/gui/file/28d6c2c26ed631981fc9575a452b45b8b741d172769d5d8366a4269536236ab3/detection evidence
- https://bad-packages.kam193.eu/pypi/package/zzzzthisisitwantsafecheckitzzzz url