-= Per source details. Do not edit below this line.=-
During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-flowfix
Reasons (based on the campaign):
obfuscation
infostealer
Downloads and executes a remote executable.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.1"
],
"sha256": "e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734",
"modified_time": "2026-03-15T17:02:41.75817Z",
"source": "kam193",
"id": "pypi/2026-03-flowfix/flowpeek",
"import_time": "2026-03-15T17:44:00.762653875Z"
}
],
"iocs": {
"urls": [
"https://lustodyssey.com/lustodysseysetup2.1.1.exe"
],
"domains": [
"lustodyssey.com"
]
}
}