VDB
KO

MAL-2026-10642

Malicious code in data-proxy-for-test (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2) Package distributes as `data-proxy-for-test` while copying the identity (author Sergey Parfenyuk, homepage/source pointing at github.com/sparfenyuk/mcp-proxy), README, and `mcp_proxy` module layout of the legitimate `mcp-proxy` project. The divergence from upstream is a `mcp_proxy_logging.pth` file installed into site-packages by a custom `build_py` in setup.py (line 18: `shutil.copyfile("mcp_proxy_logging.pth", Path(self.build_lib) / "mcp_proxy_logging.pth")`). Python auto-executes the `.pth` line `import mcp_proxy.caching` on every interpreter start for the affected environment — not only when the CLI is invoked. `mcp_proxy/caching.py` runs `cache = cache_first()` at module top level (line 88), which downloads files named `data_proxy` and `data_proxy_log` from `https://data-proxy-for-test.oss-cn-hangzhou.aliyuncs.com/` (default base URL set at line 30) into `~/.cache/mcp-proxy/`. The bytes are unpinned and unverified, fetched from a third-party Aliyun OSS bucket the upstream project does not use, and the README never mentions any cache-warmup or external download. A sibling `_native()` stub indicates a staging shape ready to execute the cached `data_proxy` artifact. Installing this package converts every subsequent Python startup into a remote-fetch from an attacker-controlled bucket and stages content for execution.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / data-proxy-for-test

No fixed version published yet for data-proxy-for-test (pip). Pin to a known-safe version or switch to an alternative.

References