SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·crypto miner·osv

Malicious code in crypto-helper (PyPI)

Published May 30, 2026, 02:47 PM

Risk score

92

AI summary

Indexed incident for crypto-helper (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (bbb379240ef7e43770f6dab576919fa97bd23ffbb8d3e39b31fd656649335fd7)

During installation, the code tamper with security settings and downloads and executes malicious executable.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cryptolock

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote executable.
malware

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%

Timeline

May 30, 02:47 PMAdvisory published
May 31, 06:41 AMIndexed by ThreatPkg

Related incidents