THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for anthropy (pypi).
Description
-= Per source details. Do not edit below this line.=-
Source: kam193 (4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854)
During import, the package starts a reverse shell
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-anthropy
Reasons (based on the campaign):
- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
Technical details
Affected versions
<function fixed() { [native code] }
Indicators
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
- affected_version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg