{"id":"MAL-2026-3002","summary":"Malicious code in lyrox (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba)\nHeavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded, other require providing them externally.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-Lyrox\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n","modified":"2026-04-23T01:03:08.064415Z","published":"2026-04-23T00:22:16Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.0","1.0.1","1.1.1","1.1.2"],"source":"kam193","import_time":"2026-04-23T00:46:17.287778505Z","id":"pypi/2026-04-Lyrox/lyrox","modified_time":"2026-04-23T00:22:16.415247Z","sha256":"a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/lyrox"}],"affected":[{"package":{"name":"lyrox","ecosystem":"PyPI","purl":"pkg:pypi/lyrox"},"versions":["1.0.0","1.0.1","1.1.1","1.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/lyrox/MAL-2026-3002.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}