Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in sufiagent (PyPI)

sufiagent

Risk score

92

AI summary

Indexed incident for sufiagent (pypi).

Description

Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like text messages and contacts.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-metoopro

Reasons (based on the campaign):

  • infostealer

  • files-exfiltration

  • exfiltration-generic

  • Downloads and executes a remote executable.

Technical details

Affected versions

=1.0.0=1.0.1=1.0.2

Indicators

  • affected version=1.0.075%
  • affected version=1.0.175%
  • affected version=1.0.275%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents