polyutil

MAL-2026-928

PyPItyposquat2/17/2026

Description

Malicious code in polyutil (PyPI)

Indicators of Compromise

SHA256 Hashes (2)

31a0fc68eee0841a78740fd3e3748171612b871b58bf9f3e52b4fa35bed64774

ced0763b255a5c499d7346f2b2567b34069021fc7be38bcb455ebdaca93aab72

Domains (2)

doc-sendapplication.comupdatedappython.com

IP Addresses (1)

45.150.34.209

References (6)

https://tria.ge/260212-z9ndmabs3bOSV https://www.virustotal.com/gui/file/703439f496bded646bb01b62d2cec96f713346a5e38249cdcab4b4840ea56aa9/detectionOSV https://app.any.run/tasks/6c406e3e-5a9b-4019-8427-8be8b30e284aOSV https://tria.ge/260213-22j3cah18b/behavioral1OSV https://bad-packages.kam193.eu/pypi/package/polyutilOSV https://www.getsafety.com/blog-posts/magicwolfOSV

Details

EcosystemPyPI

Attack Typetyposquat

Published2/17/2026

Quick Actions

All Incidents PyPI Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001