THREATPKG
SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·crypto miner·osv

Malicious code in crypto-helper (PyPI)

crypto-helper

Risk score

92

AI summary

Indexed incident for crypto-helper (pypi).

Description

During installation, the code tamper with security settings and downloads and executes malicious executable.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cryptolock

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote executable.

  • malware

Technical details

Indicators

  • affected version<function fixed() { [native code] }75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents