Incident detail

criticalpypi·credential theft·osv

Malicious code in django-auth-middleware-plus (PyPI)

django-auth-middleware-plus

Published Jun 19, 2026, 09:05 PM

Risk score

AI summary

Indexed incident for django-auth-middleware-plus (pypi).

Description

During import, package exfiltrates sensitive enviromental variables, configuration files and establishes persistence via entry in .bashrc and similar files.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-django-auth-middleware-plus

Reasons (based on the campaign):

dependency-confusion
exfiltration-credentials
exfiltration-env-variables
persistence
files-exfiltration

Technical details

Affected versions

=99.99.99

Indicators

affected version=99.99.9975%

Timeline

Jun 19, 09:05 PMAdvisory published
Jun 20, 06:27 AMIndexed by ThreatPkg

Related incidents

Malicious code in create-mono-package (npm)create-mono-package92
Malicious code in shoaib-done-pack (PyPI)shoaib-done-pack92
Malicious code in build-tracker-n5p1 (npm)build-tracker-n5p192
Malicious code in ordered-btree (npm)ordered-btree92
Malicious code in ts-linter-builders (npm)ts-linter-builders92