THREATPKG

Supply-chain threat intelligence

Incident detail

critical · pypi · credential theft · osv

Malicious code in textwrap-toolkit-stager (PyPI)

textwrap-toolkit-stager

Risk score

92

AI summary

Indexed incident for textwrap-toolkit-stager (pypi).

Description

On import textwrap_toolkit_stager, the package's __init__.py unconditionally fetches Python source from http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py via urllib.request.urlopen and passes the response bytes directly to exec(code_bytes, {"__name__": "__main__"}). The fetch uses a bare IP over plaintext HTTP, with no version pinning, no hash verification, and errors silently swallowed. Any process that imports this package executes attacker-controlled Python code from 194.5.152.9 with the full privileges of the importing user. The package's advertised purpose ('lightweight utility for advanced text wrapping') has no implementation in the shipped code — the module's sole behavior is the remote stager. The package name itself self-describes the intent ('stager').

During import, the package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports the IP address of the current environment back to the attacker. After that, the code also attempts to exfiltrate cryptocurrency wallet data.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-textwrap-toolkit-stager

Reasons (based on the campaign):

  • backdoor

  • obfuscation

  • Downloads and executes a remote malicious script.

  • crypto-related

  • exfiltration-crypto

Technical details

Affected versions

= 1.0.0

Indicators

  • affected version = 1.0.0 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
