-= Per source details. Do not edit below this line.=-
Importing the module downloads and starts remote executable identified as malware
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-foxloveyou
Reasons (based on the campaign):
malware
Downloads and executes a remote executable.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.3",
"0.1.2"
],
"sha256": "ae6bedba7c21e763c5a0e27952cf75a13a7705e7681027c87a833417a2035b70",
"modified_time": "2025-12-19T08:23:35.004047Z",
"source": "kam193",
"id": "pypi/2025-12-foxloveyou/connections-api-hidden-runner",
"import_time": "2025-12-19T09:39:56.055913018Z"
},
{
"versions": [
"0.1.2",
"0.1.3"
],
"sha256": "3fabc78b2d6a644c757f87ad701ff48d405bd332425a77b6d9157116e99238cf",
"modified_time": "2025-12-19T08:23:35.004047Z",
"source": "kam193",
"id": "pypi/2025-12-foxloveyou/connections-api-hidden-runner",
"import_time": "2025-12-30T22:39:04.060803276Z"
}
],
"iocs": {
"urls": [
"http://3zoz.duckdns.org:1111/1234",
"http://3zoz.duckdns.org/config"
],
"domains": [
"3zoz.duckdns.org"
]
}
}