SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in redteam-qxz7-utils (PyPI)

redteam-qxz7-utils

Published Jun 1, 2026, 01:04 PM

Risk score

92

AI summary

Indexed incident for redteam-qxz7-utils (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (855b67c0cf1aaed6f5e0ce3a67478a20cd4244c56424002feeeb0dea1a875848)

During installation, the package exfiltrates cloud tokens from the environment.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-redteam-qxz7-utils

Reasons (based on the campaign):

exfiltration-cloud-tokens
The package overrides the install command in setup.py to execute malicious code during installation.

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

Jun 1, 01:04 PMAdvisory published
Jun 2, 06:41 AMIndexed by ThreatPkg

Related incidents