Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in discordia-telemetria (PyPI)

discordia-telemetria

Risk score

92

AI summary

Indexed incident for discordia-telemetria (pypi).

Description

During installation, the package downloads and executes a remote executable. Before 0.1.5, the code contained local-only tests of malicious behaviour.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-discord-telemetry

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote executable.

  • malware

Technical details

Affected versions

=0.1.1=0.1.2

Indicators

  • affected version=0.1.175%
  • affected version=0.1.275%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents