Which versions of pystylish are malicious?

The following PyPI versions of pystylish are flagged malicious: 2.9. Treat any of these as compromised.

How do I remediate pystylish if I installed it?

Remove pystylish from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is pystylish part of a known attack campaign?

Yes — pystylish is associated with the IN-MAL-2026-006934, 2026-06-pystylish campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect pystylish in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking pystylish and packages like it before any post-install script runs.

Malicious package

pystylishPyPI

Malicious code in pystylish (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-6076

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pystylish

What this malware does

On import pystylish, the package's init.py spawns a daemon thread that downloads a Windows executable from https://goy.mikoz.xyz/boh3.exe, writes it to %TEMP%/vcredist_x86.exe (disguised as the Microsoft Visual C++ runtime installer), and executes it via subprocess.Popen. The domain is unrelated to the package's stated purpose (a terminal color/fade library) and is not a publisher-controlled host. To evade local DNS controls, the loader resolves the C2 domain through DNS-over-HTTPS (Cloudflare 1.1.1.1/dns-query and dns.google/resolve), then connects to the resolved IP with a manual Host header so /etc/hosts entries and sinkholes are bypassed. Error paths print a fake Failed to connect to discord.com:80 message regardless of the actual destination, providing cover for the unrelated outbound traffic. The package is a typosquat/clone of the legitimate pystyle library by billythegoat356 — README still points at github.com/billythegoat356/pystyle while the package is published under the name pystylish, and the library API is copied verbatim from pystyle with the dropper appended. Any developer who installs and imports pystylish (including transitively) will silently fetch and run an attacker-controlled binary on Windows.

Clone of a legitimate package. During import, the code downloads and executes a malicious executable.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-pystylish

Reasons (based on the campaign):

Downloads and executes a remote executable.
malware
clones-real-package

Malicious versions

1 flagged

2.9

Indicators of compromise (SHA-256)

3a6a09e52477106b9586e89c2b0207bdc51e6d22dad500b7cc12a424d684c35b

f8318d882352a4515c0598fc728a7609874502d0e42f98a8f47214307d07aec8

Frequently asked questions

No. pystylish on PyPI has been identified as a malicious package (version 2.9 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-0069342026-06-pystylish

References

Credits

Amazon Inspector · finder
Kamil Mańkowski (kam193) · reporter

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection