-= Per source details. Do not edit below this line.=-
Malicious clone of the legitimate python-utils package, disguised as a crypto-related helper. The malicious code modification exfiltrates sensitive env variables to a hardcoded location.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-pymnemonic
Reasons (based on the campaign):
crypto-related
exfiltration-crypto
exfiltration-env-variables
clones-real-package
action-hidden-in-lib-usage
{
"malicious-packages-origins": [
{
"versions": [
"1.1.2",
"1.1.3",
"1.2.5"
],
"sha256": "459bd254a36d9b8c78d96285e0c0aedb285b08f22900e022ea67988f3cb98e92",
"modified_time": "2026-03-15T22:01:13.329192Z",
"source": "kam193",
"id": "pypi/2026-03-pymnemonic/pymnemonic",
"import_time": "2026-03-15T22:45:02.165432051Z"
}
],
"iocs": {
"urls": [
"https://quantumic.digital/contract/"
],
"domains": [
"quantumic.digital"
]
}
}