FYI: Another malicious clone in Github & PyPI

[kam193]

Hi!

Just letting you know, there is another malicious clone, named logguru, on PyPI and Github.

PyPI: hxxps://pypi[.]org/project/logguru
GitHub: hxxps://github[.]com/Delgann/loguru

If used, it will download malware:

The downloaded binary seems not to be detected by AVs yet (https://www.virustotal.com/gui/file/e3252fc08959fbb3e749f74eba1720efca62982e7017e519f54cb9c30480ee8f/detection) but acts as a stealer and attempts to collect browser data: https://tria.ge/251129-mp6cgsgk5v/behavioral1

I hope both projects will be gone soon, but I'm leaving the message here as a precaution for people.

[Delgan]

Thank you, once again, for your report and analysis.

I have pinned this ticket until it is resolved.

[Furglitch]

It should be safe to close/delete this now. Both the malicious repo and impersonator account have been closed.

[kam193]

Before we closed, there is another one: https://pypi.org/project/loguru-utf8/ I'm still analyzing what it does, but it includes an obfuscated native module for "license check". Yeah, sure...