Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for fastercode (pypi).
Description
The package contains code to download and run a malicious executable. The executable contains a remote access trojan controlled via Telegram bot, with capabilities like a keylogger, screen recording, command execution. It also attempts to gain persistence via startup registry keys.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-fastercode
Reasons (based on the campaign):
Downloads and executes a remote executable.
peristence-autorun
uses-telegram-bot
keylogger
rat
spyware-like
Technical details
Affected versions
=0.1.0=0.1.1=1.0.0
Indicators
- affected version=0.1.075%
- affected version=0.1.175%
- affected version=1.0.075%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in yian666aikf (npm)yian666aikf92
- Malicious code in yianzzkf6687 (npm)yianzzkf668792
- Malicious code in fluent-dashboard-panel-metrics (PyPI)fluent-dashboard-panel-metrics92
- Malicious code in improvado-layout-panel-metrics (PyPI)improvado-layout-panel-metrics92
- Malicious code in free-claude (npm)free-claude92