---

-= Per source details. Do not edit below this line.=-

Source: kam193 (d1279e2d267bf2af95bf5c3a98cc71ac362ed2af7aa35f6bbfe1f05bb839cb18)

During installation, package attempts to download and run an executable imitating malicious activity.

---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2026-06-goodoldtoulas

Reasons (based on the campaign):

• The package overrides the install command in setup.py to execute malicious code during installation.

• Downloads and executes a remote executable.