—

MAL-2026-5332

Malicious code in xforpy (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (6ebd6a0497e01ef631a2c357263bd1af23d88e8d9a9ae46fe39110571949198c) During import, the package starts a reverse shell

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-anthropy

Reasons (based on the campaign):

- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

No fixed version published yet for xforpy (pip). Pin to a known-safe version or switch to an alternative.