VDB

MAL-2026-2309

MAL-2026-2309 PUBLISHED

--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f) During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-thisismytest123 Reasons (based on the campaign): - Downloads and executes a remote executable. - backdoor - malware ## Source: ossf-package-analysis (517f20d2093597e92a397fc04e64a0bf27ba6ce0ca20799cba922a76133594fe) The OpenSSF Package Analysis project identified 'zzzzthisisitwantsafecheckitzzzz' @ 1.0.0 (pypi) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.

Affected Products

VendorProductVersions
PyPIzzzzthisisitwantsafecheckitzzzz1.0.0

Timeline

  • Mar 31, 2026 CVE Published
  • Mar 31, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›