MAL-2026-6927: Malicious code in paysafe-kyc (PyPI)
The paysafe-kyc package version 1.0.0 on PyPI contains malicious code that exfiltrates basic data and parts of sensitive environment variables to a remote host. The malicious code includes sandbox detection and obfuscation techniques to evade analysis. This package is part of a campaign involving dependency confusion and hidden malicious actions within library usage.
AI Analysis
Technical Summary
The paysafe-kyc PyPI package version 1.0.0 contains embedded malicious code designed to steal information by exfiltrating environment variables and other basic data to an external server. The package employs sandbox detection to avoid execution in analysis environments and uses obfuscation to conceal its behavior. This threat is associated with a dependency confusion attack vector and hides its malicious actions within normal library usage, making detection more difficult.
Potential Impact
Users who install and use paysafe-kyc version 1.0.0 risk having sensitive environment variables and basic data exfiltrated to a remote attacker-controlled host. This can lead to exposure of confidential information and potential further compromise of systems relying on these environment variables.
Mitigation Recommendations
No official patch or remediation is currently available for paysafe-kyc version 1.0.0. Users should avoid installing or using this package. Review dependencies for potential dependency confusion attacks and remove any instances of paysafe-kyc from environments. Monitor for updates from the package maintainer or PyPI for any official fixes or removals.
MAL-2026-6927: Malicious code in paysafe-kyc (PyPI)
Description
The paysafe-kyc package version 1.0.0 on PyPI contains malicious code that exfiltrates basic data and parts of sensitive environment variables to a remote host. The malicious code includes sandbox detection and obfuscation techniques to evade analysis. This package is part of a campaign involving dependency confusion and hidden malicious actions within library usage.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The paysafe-kyc PyPI package version 1.0.0 contains embedded malicious code designed to steal information by exfiltrating environment variables and other basic data to an external server. The package employs sandbox detection to avoid execution in analysis environments and uses obfuscation to conceal its behavior. This threat is associated with a dependency confusion attack vector and hides its malicious actions within normal library usage, making detection more difficult.
Potential Impact
Users who install and use paysafe-kyc version 1.0.0 risk having sensitive environment variables and basic data exfiltrated to a remote attacker-controlled host. This can lead to exposure of confidential information and potential further compromise of systems relying on these environment variables.
Mitigation Recommendations
No official patch or remediation is currently available for paysafe-kyc version 1.0.0. Users should avoid installing or using this package. Review dependencies for potential dependency confusion attacks and remove any instances of paysafe-kyc from environments. Monitor for updates from the package maintainer or PyPI for any official fixes or removals.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-6927
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a4e4ee9c9d9e3dbe3289cd2
Added to database: 07/08/2026, 13:21:45 UTC
Last enriched: 07/08/2026, 13:41:38 UTC
Last updated: 07/08/2026, 13:41:38 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.