THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for h4xupdate (pypi).
Description
Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonate legitimate company.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-h4xupdate
Reasons (based on the campaign):
rat
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
files-exfiltration
impersonation
Technical details
Indicators
- affected version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
- Malicious code in clip-logger (PyPI)clip-logger92
- Malicious code in executable-stories-jest (npm)executable-stories-jest92
- Malicious code in wrangler-deploy (npm)wrangler-deploy92
- Malicious code in node-env-resolver (npm)node-env-resolver92