-= Per source details. Do not edit below this line.=-
The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-10-speedd-testing-bot
Reasons (based on the campaign):
typosquatting
Downloads and executes a remote malicious script.
rat
{
"malicious-packages-origins": [
{
"versions": [
"0.3"
],
"sha256": "660cdc2470d38cf51f0a232119dd9765cba56eb66412f12d3c09b40dd7bd8530",
"modified_time": "2026-02-18T19:32:14.534841Z",
"source": "kam193",
"id": "pypi/2025-10-speedd-testing-bot/telebot-infee",
"import_time": "2026-02-18T20:16:32.728734707Z"
},
{
"versions": [
"0.3"
],
"sha256": "017bd7a5eb9de2492ae8097933ccf0f51af4346a346bd3ea6fa8f1fe538411ff",
"modified_time": "2026-02-18T19:32:14.534841Z",
"source": "kam193",
"id": "pypi/2025-10-speedd-testing-bot/telebot-infee",
"import_time": "2026-02-26T09:49:02.343455991Z"
}
],
"iocs": {
"urls": [
"https://pastebin.com/raw/xAT1vudj",
"https://i7trak-id3i.onrender.com",
"https://pastebin.com/raw/M3Rh68JJ",
"https://pastebin.com/raw/77tXxA1d",
"https://pastebin.com/raw/PSPYUQTt"
],
"domains": [
"server-unlock-hack.onrender.com"
]
}
}