Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in govpkg (PyPI)

govpkg

Risk score

92

AI summary

Indexed incident for govpkg (pypi).

Description

When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-govpkg

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • action-hidden-in-lib-usage

  • persistence


Credit: OpenSSF (source)

When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-govpkg

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • action-hidden-in-lib-usage

  • persistence

Technical details

Affected versions

=0.1.0=0.2.0

Indicators

  • Advisory IDs
    90%
  • affected version=0.1.075%
  • affected version=0.2.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents