THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for my-test-package-2025-xyz (pypi).
Description
-= Per source details. Do not edit below this line.=-
Source: kam193 (a2f3ab0a3c7ef9009c99575d9dd051c4a97575435cabf5d3a4c223f53bc47b89)
During installation, the package opens a reverse shell
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-my-test-package-2025-xyz
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package overrides the install command in setup.py to execute malicious code during installation.
Technical details
Affected versions
<function fixed() { [native code] }
Indicators
- affected_version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in sorenson-webfonts (npm)sorenson-webfonts92
- Malicious code in lib-1779997093-yjeeqn (PyPI)lib-1779997093-yjeeqn92
- Malicious code in @neon-i18n/core-ui (npm)@neon-i18n/core-ui92
- Malicious code in @polka-ui/config (npm)@polka-ui/config92
- Malicious code in editorial-code (npm)editorial-code92