Incident detail

criticalpypi·credential theft·osv

Malicious code in cache-compat-utils (PyPI)

cache-compat-utils

Published Jun 16, 2026, 10:59 AM

Risk score

AI summary

Indexed incident for cache-compat-utils (pypi).

Description

The package contains obfuscated JS code with an infostealer harvesting all kinds of credentials, as well as a worm capable of spreading the infection further.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-cache-compat-utils

Reasons (based on the campaign):

obfuscation
malware
infostealer
exfiltration-credentials
exfiltration-ssh-keys
exfiltration-cloud-tokens

Technical details

Affected versions

=0.1.0

Indicators

affected version=0.1.075%

Timeline

Jun 16, 10:59 AMAdvisory published
Jun 17, 06:27 AMIndexed by ThreatPkg

Related incidents

Malicious code in metrics-probe-64b2 (npm)metrics-probe-64b292
Malicious code in metrics-probe-77d4 (npm)metrics-probe-77d492
Malicious code in metrics-probe-dc85 (npm)metrics-probe-dc8592
Malicious code in pkg-telemetry-r4f9 (npm)pkg-telemetry-r4f992
Malicious code in runtime-metrics-w7k2 (npm)runtime-metrics-w7k292