Incident detail

criticalpypi·credential theft·osv

Malicious code in polymarket-data (PyPI)

polymarket-data

Published May 30, 2026, 03:57 AM

Risk score

AI summary

Indexed incident for polymarket-data (pypi).

Description

The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to 2026-05-polymarket-data-fetcher.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-polymarket-data

Reasons (based on the campaign):

crypto-related
exfiltration-crypto
exfiltration-credentials
persistence

Technical details

Indicators

affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%

Timeline

May 30, 03:57 AMAdvisory published
May 30, 06:41 AMIndexed by ThreatPkg

Related incidents

Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
Malicious code in clip-logger (PyPI)clip-logger92
Malicious code in executable-stories-jest (npm)executable-stories-jest92
Malicious code in wrangler-deploy (npm)wrangler-deploy92
Malicious code in node-env-resolver (npm)node-env-resolver92