MAL-2026-10139: Malicious code in turbocalc (PyPI)
The turbocalc package version 0.1.0 on PyPI contains malicious code that executes obfuscated in-memory functions from a binary blob upon import. It subsequently communicates with the domain dockfinancial.lu. The exact behavior of this communication is unknown, but the package is categorized as malicious with clear intent such as information stealing. No official patch or remediation is currently documented.
AI Analysis
Technical Summary
The turbocalc PyPI package version 0.1.0 includes obfuscated malicious code that activates during import by running in-memory functions derived from a binary blob. After execution, it establishes communication with dockfinancial.lu, though the precise purpose of this communication is not detailed. This package is classified under a malicious campaign (2026-07-turbocalc) with intent consistent with malware such as infostealers. There is no CVSS score or vendor advisory indicating remediation or patch availability.
Potential Impact
The presence of obfuscated malicious code that executes on import and communicates with an external domain indicates a high risk of compromise, including potential data exfiltration or further malicious activity. Since the exact behavior is unknown, the impact could range from information theft to system compromise. No known exploits in the wild have been reported yet.
Mitigation Recommendations
No official patch or remediation is currently available. Users should avoid installing or using turbocalc version 0.1.0 from PyPI. If already installed, remove the package and investigate any suspicious activity related to its use. Monitor for updates from the package maintainers or PyPI security teams for any remediation announcements.
MAL-2026-10139: Malicious code in turbocalc (PyPI)
Description
The turbocalc package version 0.1.0 on PyPI contains malicious code that executes obfuscated in-memory functions from a binary blob upon import. It subsequently communicates with the domain dockfinancial.lu. The exact behavior of this communication is unknown, but the package is categorized as malicious with clear intent such as information stealing. No official patch or remediation is currently documented.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The turbocalc PyPI package version 0.1.0 includes obfuscated malicious code that activates during import by running in-memory functions derived from a binary blob. After execution, it establishes communication with dockfinancial.lu, though the precise purpose of this communication is not detailed. This package is classified under a malicious campaign (2026-07-turbocalc) with intent consistent with malware such as infostealers. There is no CVSS score or vendor advisory indicating remediation or patch availability.
Potential Impact
The presence of obfuscated malicious code that executes on import and communicates with an external domain indicates a high risk of compromise, including potential data exfiltration or further malicious activity. Since the exact behavior is unknown, the impact could range from information theft to system compromise. No known exploits in the wild have been reported yet.
Mitigation Recommendations
No official patch or remediation is currently available. Users should avoid installing or using turbocalc version 0.1.0 from PyPI. If already installed, remove the package and investigate any suspicious activity related to its use. Monitor for updates from the package maintainers or PyPI security teams for any remediation announcements.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10139
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a520ecb68715ace438f62df
Added to database: 07/11/2026, 09:37:15 UTC
Last enriched: 07/11/2026, 09:57:53 UTC
Last updated: 07/11/2026, 21:37:49 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.