{"id":"MAL-2026-10702","summary":"Malicious code in discordia-telemetria (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (ab73f38fc09955a1adcf493615ca1b8d6f3dedb2ae53d232c4c52b9aee9d26ee)\nDuring installation, the package downloads and executes a remote executable. Before 0.1.5, the code contained local-only tests of malicious behaviour.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-07-discord-telemetry\n\n\nReasons (based on the campaign):\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - Downloads and executes a remote executable.\n\n\n - malware\n","modified":"2026-07-16T17:47:24.536482673Z","published":"2026-07-16T16:25:06Z","database_specific":{"malicious-packages-origins":[{"versions":["0.1.1","0.1.2"],"id":"pypi/2026-07-discord-telemetry/discordia-telemetria","import_time":"2026-07-16T17:32:38.467456057Z","modified_time":"2026-07-16T16:25:06.946232Z","sha256":"ab73f38fc09955a1adcf493615ca1b8d6f3dedb2ae53d232c4c52b9aee9d26ee","source":"kam193"}],"iocs":{"urls":["https://gaming-telemetry.com/v1/beaconafter","https://gaming-telemetry.com/v1/download"],"domains":["gaming-telemetry.com"]}},"references":[{"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/ZWM2MzcwMWE4NzM5ZjY2MGYzZjBiYTY4NjA0Y2E4YmE6MTc4NDIxMDQzMA=="},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/discordia-telemetria"}],"affected":[{"package":{"name":"discordia-telemetria","ecosystem":"PyPI","purl":"pkg:pypi/discordia-telemetria"},"versions":["0.1.1","0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discordia-telemetria/MAL-2026-10702.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}