SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in h4xupdate (PyPI)

Published May 31, 2026, 01:30 AM

Risk score

92

AI summary

Indexed incident for h4xupdate (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (0de4da975d7b071824607be751a9ea0fb13e409eaef58d1cc0628263d5dea700)

Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonate legitimate company.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-h4xupdate

Reasons (based on the campaign):

rat
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
files-exfiltration
impersonation

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 31, 01:30 AMAdvisory published
May 31, 06:41 AMIndexed by ThreatPkg

Related incidents