Supply-chain threat intelligence
Risk score
92
Indexed incident for log-guru (pypi).
The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-tennacity
Reasons (based on the campaign):
typosquatting
Downloads and executes a remote executable.
The package contains code to detect if it is running in a sandbox environment.
malware
persistence
Affected versions
Indicators
Timeline