—
MAL-2026-5332
Malicious code in xforpy (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (6ebd6a0497e01ef631a2c357263bd1af23d88e8d9a9ae46fe39110571949198c) During import, the package starts a reverse shell
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-anthropy
Reasons (based on the campaign):
- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / xforpy
No fixed version published yet for xforpy (pip). Pin to a known-safe version or switch to an alternative.