Incident detail

criticalpypi·obfuscation·osv

Malicious code in temp-development-package-test (PyPI)

temp-development-package-test

Published Jun 16, 2026, 09:48 AM

Risk score

AI summary

Indexed incident for temp-development-package-test (pypi).

Description

Starting with version 0.4, package installs a sitecustomize.py that executes during Python engine initialization. The embeded code uses mshta to download malicious code, as in other packages from the campaign.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-easyaillm

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
malware

Technical details

Affected versions

=0.1=0.2=0.3=0.4

Indicators

affected version=0.175%
affected version=0.275%
affected version=0.375%
affected version=0.475%

Timeline

Jun 16, 09:48 AMAdvisory published
Jun 17, 06:27 AMIndexed by ThreatPkg

Related incidents

Malicious code in gpu-accelerator (npm)gpu-accelerator92
Malicious code in tobihook (PyPI)tobihook92
Malicious code in node-path-utils (npm)node-path-utils92
Malicious code in classbreeze-utils (npm)classbreeze-utils92
Malicious code in myfirstpackagetestaaa (PyPI)myfirstpackagetestaaa92