-= Per source details. Do not edit below this line.=-
Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-pyqt6darktheme
Reasons (based on the campaign):
cryptominer
Downloads and executes a remote executable.
malware
The package overrides the install command in setup.py to execute malicious code during installation.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.0"
],
"id": "pypi/2026-07-pyqt6darktheme/pyqt6darktheme",
"modified_time": "2026-07-08T04:25:06.972829Z",
"sha256": "2bdc188e3830dcb855d495618a4f3de11307a230cfef8c8ca4ce93199f254ca7",
"import_time": "2026-07-08T06:02:27.065761304Z",
"source": "kam193"
},
{
"versions": [
"0.1.0"
],
"id": "pypi/2026-07-pyqt6darktheme/pyqt6darktheme",
"modified_time": "2026-07-08T04:25:06.972829Z",
"sha256": "8cd6d16792d681b160ae1e11b3f698d8fd3004cd6019704008ad1c649fbe6f67",
"import_time": "2026-07-09T13:32:44.48675574Z",
"source": "kam193"
}
],
"iocs": {
"urls": [
"http://florinn.dev:65534/ins.exe",
"http://florinn.dev:65534/kasgjiasjfiw.exe",
"http://florinn.dev:65534/kasgjiasjfim.exe"
],
"domains": [
"florinn.dev"
]
}
}