Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in data-harvester (PyPI)

data-harvester

Risk score

92

AI summary

Indexed incident for data-harvester (pypi).

Description

The package embeds an executable stealing cryptocurrency wallets data. During import, code saves the executable under a name suggesting system utility and configures cron to run it periodically. The exfiltrated data is encrypted using embedded RSA code before uploading to file-sharing services or IPFS.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-py-base58

Reasons (based on the campaign):

  • crypto-related

  • exfiltration-crypto

  • persistence

Technical details

Affected versions

=0.3.1

Indicators

  • affected version=0.3.175%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents