Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Mondoo Vulnerability Intelligence
Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.
Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.
-= Per source details. Do not edit below this line.=-
Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by overwriting itself with non-malicious code. The remote code aims to collect and exfiltrate sensitive Telegram session files.
This campaign shares infrastructure and basic methods with previous 2025-11-uzip campaign.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-smtblib
Reasons (based on the campaign):
Downloads and executes a remote malicious script.
infostealer
target:telegram
exfiltration-credentials
action-hidden-in-lib-usage
covering-tracks
clones-real-package
typosquatting
0.1.50.1.6Exploitability
AV:NAC:L10.0/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H