Supply-chain threat intelligence

Incident detail

criticalpypi·obfuscation·osv

Malicious code in turbocalc (PyPI)

turbocalc

Risk score

92

AI summary

Indexed incident for turbocalc (pypi).

Description

During import an obfuscated code starts in-memory functions from a binary blob; after that, it communicates with dockfinancial[.]lu, the exact behaviour is unknown.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-turbocalc

Reasons (based on the campaign):

  • obfuscation

  • other

Technical details

Affected versions

=0.1.0

Indicators

  • affected version=0.1.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents