SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·crypto miner·osv

Malicious code in hell-cipher (PyPI)

Published May 31, 2026, 02:13 AM

Risk score

92

AI summary

Indexed incident for hell-cipher (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (e852860302b982f58123434d6c8671299f6b8e45e8f57c8149ab3380eb91fa63)

During installation, the code tamper with security settings and downloads and executes malicious executable.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cryptolock

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote executable.
malware

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 31, 02:13 AMAdvisory published
May 31, 06:41 AMIndexed by ThreatPkg

Related incidents