THREATNOIR
Subscribe
Back to Feed
MalwareJun 12, 2026

Our Artifact Scanner flagged "pylogxo", a PyPI typosquat of "pylogx" dropping Sirkeira Stealer fr...

PyPI typosquat 'pylogxo' dropped Sirkeira Stealer to harvest credentials.

Read at source

Summary

A malicious Python package named 'pylogxo' was discovered on PyPI, acting as a typosquat for the legitimate package 'pylogx'. This malicious package was designed to download and execute the Sirkeira Stealer, which aimed to harvest sensitive data including browser credentials, Discord tokens, and Roblox account information. Although the package has been removed from PyPI, the associated payload remains active.

Indicators of Compromise

  • domain — 69.164.245.166
  • malware — Sirkeira Stealer

Entities

pylogxo (product)pylogx (product)PyPI (technology)