MAL-2026-4837
Malicious code in my-test-package-2025-xyz (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (a2f3ab0a3c7ef9009c99575d9dd051c4a97575435cabf5d3a4c223f53bc47b89) During installation, the package opens a reverse shell
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-my-test-package-2025-xyz
Reasons (based on the campaign):
- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
- The package overrides the install command in setup.py to execute malicious code during installation.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for my-test-package-2025-xyz (pip). Pin to a known-safe version or switch to an alternative.