Supply-chain threat intelligence

Incident detail

criticalpypi·typosquatting·osv

Malicious code in pylogora (PyPI)

pylogora

Risk score

92

AI summary

Indexed incident for pylogora (pypi).

Description

The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on wegoexchange[.]site for further commands.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-tennacity

Reasons (based on the campaign):

  • typosquatting

  • Downloads and executes a remote executable.

  • The package contains code to detect if it is running in a sandbox environment.

  • malware

  • persistence

Technical details

Affected versions

=0.7.8

Indicators

  • affected version=0.7.875%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents