Supply-chain threat intelligence

Incident detail

critical · pypi · typosquatting · osv

Malicious code in cipherflow (PyPI)

cipherflow

Risk score

92

AI summary

Indexed incident for cipherflow (pypi).

Description

cipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/_environ.py contains a multi-layer-obfuscated payload that is decoded and passed directly to exec(). The blob is base85-decoded, XOR'd against a 32-byte key, then zlib-decompressed before being executed: exec(zlib.decompress(bytes(__[i]^_[i%len(_)] for i in range(len(__)))).decode()) with __ = base64.b85decode(b'MJ*(r4W!?y...'). This payload is exposed via cipherflow.setup_env() (declared in __all__), whose docstring translates to 'download and execute external environment'. The function is not mentioned anywhere in the README or PKG-INFO. The combination of triple-stacked encoding (base85 + XOR + zlib) terminating in exec(), placement inside a cover-named module (_environ.py / setup_env), and deliberate omission from the documentation is a canonical signal of hidden malicious code execution. Any consumer who imports cipherflow and invokes setup_env() — or any downstream code that does so — runs whatever bytes the author chose to hide, with the full privileges of the importing process.
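As an added detection example (not part of this advisory or of the package), the following static checker uses Python's ast module to flag an exec()/eval() call whose argument stacks the decoding, XOR and decompression layers described above. The two source samples it scans are constructed stand-ins with a placeholder blob; they are only parsed, never executed.

```python
import ast

# Constructed sample mimicking the cipherflow/_environ.py pattern described
# above (placeholder blob, not the real payload; the text is parsed, never run).
SUSPICIOUS_SRC = '''
import base64, zlib
_ = b"0123456789abcdef0123456789abcdef"
__ = base64.b85decode(b"PLACEHOLDER")
def setup_env():
    exec(zlib.decompress(bytes(__[i]^_[i%len(_)] for i in range(len(__)))).decode())
'''

# Constructed benign sample: decoding and decompression, but no exec()/eval().
BENIGN_SRC = '''
import base64, zlib
def load(blob):
    return zlib.decompress(base64.b85decode(blob))
'''

DECODERS = {"base64.b85decode", "base64.b64decode", "base64.a85decode"}

def _callee(node):
    """Dotted callee name of an ast.Call, e.g. 'zlib.decompress', else ''."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""

def find_stacked_exec(src):
    """Return [(lineno, layers)] for each exec()/eval() whose argument
    combines decoding, XOR and decompression layers (at least 2 of the 3)."""
    tree = ast.parse(src)
    decoded = set()  # names bound to the result of a base64-family decoder
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call) \
                and _callee(node.value) in DECODERS:
            decoded |= {t.id for t in node.targets if isinstance(t, ast.Name)}
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _callee(node) in ("exec", "eval")):
            continue
        layers = set()
        for sub in ast.walk(node):  # every expression feeding the exec() call
            if isinstance(sub, ast.Call):
                if _callee(sub).endswith("decompress"):
                    layers.add("decompress")
                if _callee(sub) in DECODERS:
                    layers.add("decode")
            elif isinstance(sub, ast.Name) and sub.id in decoded:
                layers.add("decode")
            elif isinstance(sub, ast.BinOp) and isinstance(sub.op, ast.BitXor):
                layers.add("xor")
        if len(layers) >= 2:
            hits.append((node.lineno, sorted(layers)))
    return hits
```

Run it over every module in a wheel or sdist before installation; a hit with all three layers inside one exec() argument is the exact shape reported for _environ.py.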

The package contains obfuscated code to download executables from a typosquatted domain.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-cipherflow

Reasons (based on the campaign):

  • obfuscation

  • Downloads and executes a remote executable.

Technical details

Affected versions

  • =0.1.2
  • =0.1.3
  • =0.1.0
  • =0.1.1

Indicators

  • affected version =0.1.2 (75%)
  • affected version =0.1.3 (75%)
  • affected version =0.1.0 (75%)
  • affected version =0.1.1 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents