Supply-chain threat intelligence

Incident detail

criticalpypi·crypto miner·osv

Malicious code in pyqt6darktheme (PyPI)

pyqt6darktheme

Risk score

92

AI summary

Indexed incident for pyqt6darktheme (pypi).

Description

Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-pyqt6darktheme

Reasons (based on the campaign):

  • cryptominer

  • Downloads and executes a remote executable.

  • malware

  • The package overrides the install command in setup.py to execute malicious code during installation.

Technical details

Affected versions

=0.1.0

Indicators

  • affected version=0.1.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents