SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·crypto miner·osv

Malicious code in cryptolock (PyPI)

Published May 30, 2026, 02:36 PM

Risk score

92

AI summary

Indexed incident for cryptolock (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233)

During installation, the code tamper with security settings and downloads and executes malicious executable.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cryptolock

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote executable.
malware

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%

Timeline

May 30, 02:36 PMAdvisory published
May 31, 06:41 AMIndexed by ThreatPkg

Related incidents