VDB
EN

MAL-2026-2946

Malicious code in moonbit-metrics-validator (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc) Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and in specific environments also start a reverse shell. It appears to be targeting specifically one GitHub project, where the front-end package was included in a PR.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-moonbit-locale-compat

Reasons (based on the campaign):

- The malicious code is intentionally included in a dependency of the package

- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

- exfiltration-env-variables

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / moonbit-metrics-validator

No fixed version published yet for moonbit-metrics-validator (pip). Pin to a known-safe version or switch to an alternative.

참고