---

-= Per source details. Do not edit below this line.=-

Source: kam193 (2068b3e139d5ddfecb0d673c458ecf5c6c8e8554fd35efef184e81d99af63a99)

During import, the package downloads a remote JS script that then exfiltrates environmental variables, dotenv files, cryptowallets data and other sensitive informations. It's part of a broader campaign across PyPI, NPM and Github.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-eth-security-auditor

Reasons (based on the campaign):

• files-exfiltration

• exfiltration-env-variables

• crypto-related

• Downloads and executes a remote malicious script.

• exfiltration-crypto

• exfiltration-credentials