MAL-2026-5519
Malicious code in requests-toolbelt-plus (PyPI)
Details
## Source: amazon-inspector (38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae)

The package impersonates the popular `requests-toolbelt` library but ships an empty `requests_toolbelt_plus/__init__.py` and places its real logic in `setup.py`. On `pip install`, setup.py checks `/proc/version` for WSL markers and, when matched, opens a TCP socket to the hardcoded IP 185.184.192.205 on port 4444, sends a JSON beacon containing `os.getlogin()`, `os.uname().nodename`, and `os.getcwd()`, then spawns a background thread that reads JSON commands from the socket and executes them via `subprocess.run(cmd, shell=True, capture_output=True, text=True)`, returning stdout/stderr to the operator: full remote command execution against the installer's machine.

setup.py also appends a Python one-liner to `~/.bashrc` that re-opens the same socket, `dup2`s stdio onto it, and execs `/bin/bash -i`, giving the attacker a persistent interactive reverse shell that fires on every new login shell and survives package uninstall. The WSL-only gating is a deliberate evasion to stay dormant on non-WSL maintainer machines and execute only on targeted Windows-Subsystem-for-Linux developer hosts.
## Source: kam193 (bd626be82a68d95788077b8b3c87a960c87d971e55496791cedf85154d99087f)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
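A defender-side check for the two artifacts the amazon-inspector writeup describes (an install-time hook in `setup.py` that beacons to a hardcoded endpoint and runs shell commands, and a reverse-shell launcher appended to `~/.bashrc`), added here as an example; it is not part of the advisory or of either scanner's code. The C2 address and port are the ones stated above. The sample inputs are constructed and carry only the indicator tokens, not a working payload; the indicator names, regexes and the "two or more indicators next to an install hook" threshold are this example's own assumptions, chosen so that an ordinary `cmdclass` override on its own does not trigger.

```python
import re

# IoCs taken from the advisory text: the endpoint used by both the setup.py
# beacon and the ~/.bashrc reverse shell.
C2_IP = "185.184.192.205"
C2_PORT = 4444

# Indicators for setup.py. Each one alone is common in legitimate packaging;
# the combination with an install hook is what this check keys on.
SETUP_PY_INDICATORS = {
    "install_hook": re.compile(r"from setuptools\.command\.install import install|cmdclass\s*="),
    "wsl_gating": re.compile(r"/proc/version"),
    "hardcoded_c2": re.compile(re.escape(C2_IP)),
    "raw_socket": re.compile(r"\bsocket\.socket\b|\.connect\s*\("),
    "shell_exec": re.compile(r"subprocess\.(run|Popen|call|check_output)\([^)]*shell\s*=\s*True"),
    "shell_rc_write": re.compile(r"\.bashrc|\.profile|\.zshrc"),
    "host_beacon": re.compile(r"os\.getlogin\(\)|os\.uname\(\)|gethostname\(\)"),
}

# Indicators for a shell rc file: an interpreter one-liner that redirects
# file descriptors and execs an interactive shell is the persistence pattern
# described in the advisory.
SHELL_RC_INDICATORS = {
    "python_one_liner": re.compile(r"python[0-9.]*\s+-c\s"),
    "fd_redirect": re.compile(r"\bdup2\b"),
    "interactive_shell": re.compile(r"/bin/(ba)?sh\s+-i"),
    "hardcoded_c2": re.compile(re.escape(C2_IP)),
}


def scan_setup_py(source: str) -> dict:
    """Score a setup.py for install-time network/shell behaviour.

    Returns the sorted indicator names that matched and a verdict. The known
    C2 address is enough on its own; otherwise an install hook plus at least
    two behavioural indicators (assumed threshold) is required.
    """
    hits = sorted(name for name, rx in SETUP_PY_INDICATORS.items() if rx.search(source))
    behavioural = {"wsl_gating", "raw_socket", "shell_exec", "shell_rc_write", "host_beacon"}
    suspicious = "hardcoded_c2" in hits or (
        "install_hook" in hits and len(behavioural & set(hits)) >= 2
    )
    return {"indicators": hits, "suspicious": suspicious}


def scan_shell_rc(text: str) -> list:
    """Return each line of a shell rc file that looks like an injected reverse-shell launcher."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = sorted(name for name, rx in SHELL_RC_INDICATORS.items() if rx.search(line))
        if "hardcoded_c2" in hits or {"fd_redirect", "interactive_shell"} <= set(hits):
            findings.append({"line": lineno, "indicators": hits, "text": line.strip()})
    return findings


# Constructed sample inputs. The suspicious fragment contains only the tokens
# named in the advisory, deliberately not a runnable implant.
BENIGN_SETUP_PY = """from setuptools import setup
setup(name="example", version="0.1", packages=["example"])
"""

SUSPICIOUS_SETUP_PY = """from setuptools import setup
from setuptools.command.install import install
import os, socket, subprocess
banner = open("/proc/version").read()
peer = ("185.184.192.205", 4444)
sock = socket.socket()
out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
open(os.path.expanduser("~/.bashrc"), "a").write(line)
"""

SAMPLE_BASHRC = """# ~/.bashrc (constructed sample)
export PATH="$HOME/.local/bin:$PATH"
alias ll='ls -la'
python3 -c "... 185.184.192.205 ... 4444 ... os.dup2(...) ... /bin/bash -i ..."
"""

if __name__ == "__main__":
    print("benign setup.py:", scan_setup_py(BENIGN_SETUP_PY))
    print("suspicious setup.py:", scan_setup_py(SUSPICIOUS_SETUP_PY))
    for finding in scan_shell_rc(SAMPLE_BASHRC):
        print("bashrc line %d: %s" % (finding["line"], finding["indicators"]))
```

Run `scan_shell_rc` over the real `~/.bashrc` of any WSL host that installed this package: because the persistence is outside the package, `pip uninstall` does not remove it, and the appended line is the artifact to look for. The setup.py scan is meant for pre-install review of a downloaded sdist, where `setup.py` can be read without executing it.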
---
Category: PROBABLY_PENTEST - Packages that look like typical pentest packages, but also anything that looks like testing, exploration of pre-prepared kits, research and the like, with clearly low-harm potential.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
- The package contains code to exfiltrate basic data from the system, such as the IP address or username. It carries limited risk.
- The package overrides the install command in setup.py to execute malicious code during installation.
Affected packages
No fixed version published yet for requests-toolbelt-plus (pip). Pin to a known-safe version or switch to an alternative.