-= Per source details. Do not edit below this line.=-
This package depends on malicious 'procwire', which starts malicious actions during installation.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-procwire
Reasons (based on the campaign):
The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote executable.
obfuscation
The malicious code is intentionally included in a dependency of the package
malware
steganography
{
"malicious-packages-origins": [
{
"versions": [
"7.0.1",
"7.0.2"
],
"sha256": "7c0b6d6eae8eecdf0317e7d4c624ff2a1eee1ca58c92c6b4fac34dd2567f4556",
"modified_time": "2026-07-03T23:44:02.386738Z",
"source": "kam193",
"import_time": "2026-07-04T00:45:00.56055493Z",
"id": "pypi/2026-07-procwire/confighub"
}
],
"iocs": {
"urls": [
"https://gofilecdn-cf.pd1.workers.dev/w5Unkv"
],
"domains": [
"gofilecdn-cf.pd1.workers.dev"
]
}
}