Supply-chain threat intelligence
Risk score
92
Indexed incident for turbocalc (pypi).
During import an obfuscated code starts in-memory functions from a binary blob; after that, it communicates with dockfinancial[.]lu, the exact behaviour is unknown.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-turbocalc
Reasons (based on the campaign):
obfuscation
other
Affected versions
Indicators
Timeline