During installation, package attempts to download and run an executable imitating malicious activity.

---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2026-06-goodoldtoulas

Reasons (based on the campaign):

• The package overrides the install command in setup.py to execute malicious code during installation.

• Downloads and executes a remote executable.