MAL-2026-10759
Malicious code in ryry-cli (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (4a305ba94c92b6ec62aaf627fc1213d9e37e1645f37fd033f61c7becaba71edd) ryry-cli runs as a long-lived agent that connects to a hardcoded WebSocket at wss://api.dalipen.com/aigc/task/connect and executes Python scripts under subprocess.Popen based on task messages sent by that server. During its polling loop it calls aigc/task/getAutoDeployWidget and, for each entry the server returns, runs `pip install <server-supplied URL>` on arbitrary wheels or downloads a zip and installs its requirements.txt, giving the remote endpoint unattended code execution on the host. utils.check_restart() writes a shell script that runs `apt-get update && apt-get upgrade && apt-get install -y...` and `pip install -U ryry-cli` and schedules it via `at now + 1 minutes` or Windows schtasks, mutating system packages and self-upgrading the CLI outside the user's package manager. taskUtils posts JSON payloads containing socket.gethostname() and a MAC/CPU-serial-derived device id, plus task log files, to a hardcoded WeChat work webhook at qyapi.weixin.qq.com/cgi-bin/webhook/send with an embedded key. A server-supplied Mihomo/Clash subscription URL fetched from aigc/task/config is applied by proxy_manager to route the agent's outbound traffic through an author-controlled proxy configuration. The package also embeds base64-encoded Aliyun OSS access-key ID and secret (utils.K1/K2) that are decoded at runtime and used to PUT files to the author's p-template-hk / p-upload-gz buckets.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for ryry-cli (pip). Pin to a known-safe version or switch to an alternative.
References
- https://pypi.org/project/ryry-cli/6.28/ [PACKAGE]
- https://pypi.org/project/ryry-cli/6.26/ [PACKAGE]