SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in spaysdata (PyPI)

Published Jun 2, 2026, 08:44 PM

Risk score

92

AI summary

Indexed incident for spaysdata (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (55bfbc1a93fe9a662ed20b5fb651390a850c8f43e4d68d81677b4ffd0ca17bcf)

The package exfiltrates Roblox cookies from the victim machine.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spaysrbdata

Reasons (based on the campaign):

infostealer

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%

Timeline

Jun 2, 08:44 PMAdvisory published
Jun 3, 06:41 AMIndexed by ThreatPkg

Related incidents