{"id":"MAL-2026-3015","summary":"Malicious code in lyroxcoder (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab)\nHeavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded, other require providing them externally.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-Lyrox\n\n\nReasons (based on the campaign):\n\n\n - obfuscation\n","modified":"2026-04-23T11:47:01.995208Z","published":"2026-04-23T10:40:59Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-04-23T10:40:59.855504Z","source":"kam193","id":"pypi/2026-04-Lyrox/lyroxcoder","import_time":"2026-04-23T11:29:07.227993549Z","sha256":"0aa87cfde7d0b832cd24067a43e94d812a4f5ce64541e219fb6aa6b7388939ab","versions":["1.0.0","1.0.1","2.0.1","2.1.1","2.1.3","2.2.3"]}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/lyroxcoder"}],"affected":[{"package":{"name":"lyroxcoder","ecosystem":"PyPI","purl":"pkg:pypi/lyroxcoder"},"versions":["1.0.0","1.0.1","2.0.1","2.1.1","2.1.3","2.2.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/lyroxcoder/MAL-2026-3015.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}