FYI: Another malicious clone on GitHub & PyPI
Hi!
Just letting you know, there is another malicious clone, named logguru, on PyPI and GitHub.
PyPI: hxxps://pypi[.]org/project/logguru
GitHub: hxxps://github[.]com/Delgann/loguru
If used, it will download malware:
The downloaded binary seems not to be detected by AVs yet (https://www.virustotal.com/gui/file/e3252fc08959fbb3e749f74eba1720efca62982e7017e519f54cb9c30480ee8f/detection) but acts as a stealer and attempts to collect browser data: https://tria.ge/251129-mp6cgsgk5v/behavioral1
I hope both projects will be gone soon, but I'm leaving the message here as a precaution for people.
Thank you, once again, for your report and analysis.
I have pinned this ticket until it is resolved.
It should be safe to close/delete this now. Both the malicious repo and impersonator account have been closed.
Before we close, there is another one: https://pypi.org/project/loguru-utf8/. I'm still analyzing what it does, but it includes an obfuscated native module for "license check". Yeah, sure...