MAL-2026-2516
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sentinel-tool/MAL-2026-2516.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-2516
- Published
- 2026-04-08T16:31:08Z
- Modified
- 2026-04-08T17:03:57.638289Z
- Summary
- Malicious code in sentinel-tool (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937)
The package installs a remote executable that uses a hardcoded Telegram channel for monitoring the user's activity, including regularly taking screenshots, and some remote control possibilities like switching the computer off and grabbing clipboard content. Some content suggests it was designed to be used by the uploader themself, but it poses the risk to anyone installing it.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-04-sentinel-tool
Reasons (based on the campaign):
Downloads and executes a remote executable.
spyware-like
- Database specific
{ "iocs": { "urls": [ "https://raw.githubusercontent.com/offc559-crypto/senitel/main/Sentinel.exe" ] }, "malicious-packages-origins": [ { "id": "pypi/2026-04-sentinel-tool/sentinel-tool", "sha256": "5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937", "source": "kam193", "versions": [ "0.1", "0.2", "0.3", "0.4", "0.5", "0.6" ], "modified_time": "2026-04-08T16:31:08.27997Z", "import_time": "2026-04-08T16:56:45.491035065Z" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / sentinel-tool
Package
- Name
- sentinel-tool
- View open source insights on deps.dev
- Purl
- pkg:pypi/sentinel-tool