This is an advisory for a malicious package.

We recommend immediate removal of malicious versions of this package. Safety Firewall is actively blocking installation and will help you identify any existing installations of the package.

Learn more

PyPI: marshel

SFTY-20260118-32654

--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583) The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-10-speedd-testing-bot Reasons (based on the campaign): - typosquatting - Downloads and executes a remote malicious script. - rat

PyPI

Created at: Feb 26, 2026Updated at: Feb 26, 2026

Overview

Malicious code in marshel (PyPI)

Advisory

Malicious code in marshel (PyPI)

Affected Package

Affecting marshel package, versions

==0.3

Also affects

---

How to Fix

We recommend updating marshel to the latest non-vulnerable version.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20260118-32654

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more