This is an advisory for a malicious package.

We recommend immediate removal of malicious versions of this package. Safety Firewall is actively blocking installation and will help you identify any existing installations of the package.

Learn more

PyPI: readosso

SFTY-20250920-97661

--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (67ade73536cb4834ba05b33797c1cadcddbf7d90fc099bd6e53f94b9deec4f66) Package automatically starts a Discord bot waiting for instructions to download and start a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-09-readosso Reasons (based on the campaign): - Downloads and executes a remote executable.

PyPI

Created at: Dec 31, 2025Updated at: Dec 31, 2025

Overview

Malicious code in readosso (PyPI)

Advisory

Malicious code in readosso (PyPI)

Affected Package

Affecting readosso package, versions

==0.1.3

==0.1.2

==0.1.0

Also affects

---

How to Fix

We recommend updating readosso to the latest non-vulnerable version.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20250920-97661

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more