Supply-chain threat intelligence
Risk score
92
Indexed incident for govpkg (pypi).
When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-govpkg
Reasons (based on the campaign):
Downloads and executes a remote executable.
action-hidden-in-lib-usage
persistence
When using the provided functionality, the package silently downloads a malicious executable and ensures its persistence disguised as a system service. The binary connects with telegra[.]ph.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-govpkg
Reasons (based on the campaign):
Downloads and executes a remote executable.
action-hidden-in-lib-usage
persistence
Affected versions
Indicators
Timeline