MAL-2026-3133

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49)

The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code was not automatically started, suggesting it's just a part of a campaign. Based on the dynamic analysis, the executable is likely an infostealer.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-fetch-data-api-syncapi

Reasons (based on the campaign):

Downloads and executes a remote executable.
malware

Affected Packages

fetchapi-syncdata-pypi

PyPI

Affected versions:

0.1.0

References

EVIDENCE

https://app.any.run/tasks/58f6c7bd-daf7-4b02-ace3-a113a62f0c4f

WEB

https://bad-packages.kam193.eu/pypi/package/fetchapi-syncdata-pypi

WEB

https://www.virustotal.com/gui/file-analysis/NmFjNTE4MGI3NjRhM2Y3YTZlMzM2ZmFhN2ZmY2E4ZWE6MTc3NzQwMTUxMA==

EVIDENCE

https://www.virustotal.com/gui/file/7f6bb9cb5118cde0e476e4a41e6bd31027b2cc3b678112e25da3c68e2421a8a6/detection