Incident detail

criticalpypi·credential theft·osv

Malicious code in tronlab (PyPI)

tronlab

Published Jun 3, 2026, 03:28 PM

Risk score

AI summary

Indexed incident for tronlab (pypi).

Description

Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX (Tron / Tronix). Some packages additionally clone the readme of other, legit libraries. The similar packages are repeating uploaded to PyPI

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-04-tronix

Reasons (based on the campaign):

exfiltration-generic
crypto-related

Technical details

Indicators

affected version<function fixed() { [native code] }75%

Timeline

Jun 3, 03:28 PMAdvisory published
Jun 4, 06:41 AMIndexed by ThreatPkg

Related incidents

Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
Malicious code in clip-logger (PyPI)clip-logger92
Malicious code in executable-stories-jest (npm)executable-stories-jest92
Malicious code in wrangler-deploy (npm)wrangler-deploy92
Malicious code in node-env-resolver (npm)node-env-resolver92