Incident detail

criticalpypi·obfuscation·osv

Malicious code in easyaillm (PyPI)

easyaillm

Published Jun 14, 2026, 01:55 AM

Risk score

AI summary

Indexed incident for easyaillm (pypi).

Description

During installation, the obfuscsted code attempts to download and start a malicious executable. The published versions contained issues preventing successful downloading, but it was possible to recover the intended executable during the analysis.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-easyaillm

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
malware

Technical details

Affected versions

=2.0.15=2.0.16

Indicators

affected version=2.0.1575%
affected version=2.0.1675%

Timeline

Jun 14, 01:55 AMAdvisory published
Jun 14, 06:27 AMIndexed by ThreatPkg

Related incidents

Malicious code in @gbrlxvi/ts-form-utils (npm)@gbrlxvi/ts-form-utils92
Malicious code in mailconfirmer (npm)mailconfirmer92
Malicious code in environment-gate (npm)environment-gate92
Malicious code in dash-grid-normalizer (PyPI)dash-grid-normalizer92
Malicious code in chalk-plus-js (npm)chalk-plus-js92