-= Per source details. Do not edit below this line.=-
During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-09-gtts-lts
Reasons (based on the campaign):
Downloads and executes a remote executable.
action-hidden-in-lib-usage
This package is designed to typosquat veilcord. When imported, it automatically decodes and executes a hidden payload.
{
"malicious-packages-origins": [
{
"sha256": "f35b1416b7e82dbedf8d0f943973c7f2c4af1ebd85f2a69ebd582f6c4d58f60e",
"versions": [
"0.0.7.5"
],
"import_time": "2025-09-22T02:12:23Z",
"modified_time": "2025-09-22T02:12:23Z",
"source": "oracle-using-macaron"
},
{
"sha256": "a2cdbade2ade551e1b920eddd48c3586f09155ed000f3fd38ad38094b167be06",
"id": "pypi/2025-09-gtts-lts/vielcord",
"import_time": "2025-12-02T22:30:55.71359786Z",
"modified_time": "2025-09-24T18:43:02.726948Z",
"versions": [
"0.0.7.5"
],
"source": "kam193"
},
{
"sha256": "4663c6d9af6fa1feac7fd1719e4ff1a729bc8297eec7ce927a13804d475d2c8b",
"id": "pypi/2025-09-gtts-lts/vielcord",
"import_time": "2025-12-02T23:07:18.753174914Z",
"modified_time": "2025-09-24T18:43:02.726948Z",
"versions": [
"0.0.7.5"
],
"source": "kam193"
}
],
"iocs": {
"urls": [
"https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/meow.bin",
"https://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/shell.exe"
]
}
}