SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in spaysrbdata (PyPI)

Published Jun 2, 2026, 07:42 PM

Risk score

92

AI summary

Indexed incident for spaysrbdata (pypi).

Description

-= Per source details. Do not edit below this line.=-

Source: kam193 (2d461e4f26b3a0fb04120613c34e74745f6d63ce83abe98c40e470c527921501)

The package exfiltrates Roblox cookies from the victim machine.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spaysrbdata

Reasons (based on the campaign):

infostealer

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%
affected_version<function fixed() { [native code] }75%

Timeline

Jun 2, 07:42 PMAdvisory published
Jun 3, 06:41 AMIndexed by ThreatPkg

Related incidents