Every week, our malware detection systems scan thousands of new and updated packages across public registries like npm and PyPI. This week was no exception. We confirmed over 145 malicious packages between July 10 and July 17, 2026, across npm and PyPI, led by one standout campaign and several continuing threats.
The biggest single event was bingo-ai on PyPI: nearly 80 versions confirmed within about 30 minutes on July 13, a clear signature of automated, templated publishing rather than a manual campaign.
We also confirmed PhantomSync, an eight-package npm cluster (base58-utils, abi-encode, eth-dev, arb-kit, layer2-sdk, solana-key-utils, eth-wallet-helpers, crypto-validate-lib) published July 13–14 under a single account. Each package works exactly as advertised, but hides a self-invoking dropper that fires ~37 seconds after import, decodes a payload staged as a fake test fixture, installs cross-platform persistence, and launches a crypto-wallet and secrets stealer that exfiltrates RSA-4096-encrypted findings to public IPFS storage.
The @wagni_bot crypto/DeFi impersonation scope, which we’ve tracked in previous weeks, kept expanding, adding new SDK names for Binance, Jupiter, Orca, Pump.fun, Solana, and Meteora on top of its existing Polymarket, Hyperliquid, MetaMask (typosquatted as metemask-sdk), and OpenSea packages.
The moon-uv FauxUV campaign continued with six more versions on PyPI, and google-caja-bower used inflated version numbers (up to 1000.800.20) on npm in an apparent dependency-confusion attempt. We also confirmed axios-test-one, a typosquat targeting one of the most widely used npm packages.
This weekly snapshot is part of our ongoing Malicious Code Digest, where we validate new threats and provide actionable intelligence to help DevSecOps teams protect their pipelines before damage occurs. Let’s break down what we found this week and why it matters.
145+ Packages. One Week. The Scale Keeps Climbing.
This week’s digest reflects the same trajectory: attackers publish faster than registries remove, and faster than a weekly scan can catch. A single PyPI package, bingo-ai, went from first version to nearly 80 confirmed versions in about 30 minutes, automated publishing at a speed no manual review process can match. Meanwhile, PhantomSync shows that volume isn’t the only risk: eight quiet, well-crafted npm packages sat with a delayed dropper for a day before detonating, and the @wagni_bot crypto SDK impersonation scope kept adding new targets on top of an already-wide net.
Xygeni Early Malware Warning monitors npm, PyPI, and other registries in real time, flagging threats at the moment of publication, before they reach a build, before an AI agent installs them autonomously, and before a delayed dropper or a rebranded infostealer has a chance to execute. When bingo-ai ships dozens of versions in half an hour, or a PhantomSync package waits 37 seconds after import before firing, detection that runs after the fact is already too late.
Xygeni’s Open Source Security platform gives DevSecOps teams the real-time detection and prioritization needed to stay ahead of coordinated supply chain pressure, so your pipelines stay clean without slowing your teams down.






