chalk-fancy

MAL-2026-3212

PyPIbackdoor5/1/2026

Description

Malicious code in chalk-fancy (PyPI)

Indicators of Compromise

SHA256 Hashes (1)

b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3

Domains (2)

renderkit1.vercel.appctx-graphics.vercel.app

References (4)

https://github.com/0xsebasneuronOSV https://socket.dev/supply-chain-attacks/north-korea-s-contagious-interview-campaignOSV https://github.com/0xsebasneuron/polymarket-arbitrage-copy-trading-bot-V2/commit/4dae9aea3c35a627a7f38a28946f73af18930a3e#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552OSV https://bad-packages.kam193.eu/pypi/package/chalk-fancyOSV

Details

EcosystemPyPI

Attack Typebackdoor

Published5/1/2026

Quick Actions

All Incidents PyPI Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001