MAL-2026-625

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (4eb1b67eac28a42f372ecaaca274a28d15972e3cc8e063492f977364538e6c41)

During importing the module, package downloads a second-stage code from GitHub, which then runs an infostealer. After that, the downloaded code is removed

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-old-hangman

Reasons (based on the campaign):

Downloads and executes a remote malicious script.
infostealer
covering-tracks

Affected Packages

hangimani

PyPI

Affected versions:

1.0.0

References

WEBhttps://bad-packages.kam193.eu/pypi/package/hangimani WEBhttps://github.com/Samantha0709/HangMan/blob/36397c0a3e5abffa884ca92515981b4af305c9c7/src/HangMan.py#L17 WEBhttps://raw.githubusercontent.com/Samantha0709/Hang/main/browser.py

MAL-2026-625

Details

Source: kam193 (4eb1b67eac28a42f372ecaaca274a28d15972e3cc8e063492f977364538e6c41)

Affected Packages

References

CVSS Analysis

Ecosystems

Credits

Timeline