Supply-chain threat intelligence
Risk score
92
Indexed incident for data-harvester (pypi).
The package embeds an executable stealing cryptocurrency wallets data. During import, code saves the executable under a name suggesting system utility and configures cron to run it periodically. The exfiltrated data is encrypted using embedded RSA code before uploading to file-sharing services or IPFS.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-py-base58
Reasons (based on the campaign):
crypto-related
exfiltration-crypto
persistence
Affected versions
Indicators
Timeline