—
MAL-2026-5335
Malicious code in xfoobar (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (a54c1c17d20a069af19c48751aada9e426bcbf55484c360cf21ac70f35d3d0dd) During import, the package starts a reverse shell
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-anthropy
Reasons (based on the campaign):
- The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / xfoobar
No fixed version published yet for xfoobar (pip). Pin to a known-safe version or switch to an alternative.