Supply-chain threat intelligence
Risk score: 92
Indexed incident for fastgptmini (pypi).
setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt (an anonymous, throwaway file-sharing host) during pip install, writes the bytes to python.bat in the current working directory, and executes them via os.system("cmd /c python.bat"). The URL is unpinned, no hash or signature verification is performed, the destination is not associated with the package publisher, and the fetched content is handed directly to a shell: a canonical install-time dropper. The package ships no real functionality (src/ contains only the egg-info directory) and uses placeholder metadata (Name/Author/Summary all set to 'FastGPTMini' with no homepage, URL, or email), consistent with a name-confusion lure targeting developers searching for FastGPT/GPT tooling. Any machine running pip install FastGPTMini will fetch and execute attacker-controlled code with the user's privileges.
During installation, the code downloads an obfuscated script, which attempts to tamper with Defender exclusion paths and then downloads a malicious executable.
Category: MALICIOUS. The campaign has clearly malicious intent (e.g. infostealers).
Campaign: 2026-06-fastgptmini
Reasons (based on the campaign):
- Downloads and executes a remote executable.
- malware
- The package overrides the install command in setup.py to execute malicious code during installation.
- obfuscation