{"id":"MAL-2025-191647","summary":"Malicious code in mcp-runcommand-server (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5)\nPackage starts a reverse shell to a hardcoded location\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-10-mcp-runcommand-server\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n","modified":"2026-03-19T12:54:37.043722Z","published":"2025-10-10T10:05:00Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","versions":["1.0.7","1.0.9","1.0.10","1.0.11","1.0.12","1.0.13"],"modified_time":"2025-12-01T12:54:39Z","sha256":"47adfa8ad8aaeda60898c3ee3f94d214c39a6cbbf5849b129803b33445711dac","import_time":"2025-12-02T09:09:38.377565734Z","id":"RLMA-2025-05619"},{"source":"kam193","versions":["1.0.12","1.0.11","1.0.10","1.0.9","1.0.8","1.0.7","1.0.5","1.0.13"],"modified_time":"2025-10-10T11:22:49.809879Z","sha256":"133374a34eb4699b428be2676d5e2595aec20f89e6e9efd9bab5d189aab718a7","import_time":"2025-12-02T22:30:55.328386564Z","id":"pypi/2025-10-mcp-runcommand-server/mcp-runcommand-server"},{"source":"kam193","versions":["1.0.12","1.0.11","1.0.10","1.0.9","1.0.8","1.0.7","1.0.5","1.0.13"],"modified_time":"2025-10-10T11:22:49.809879Z","sha256":"17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5","import_time":"2025-12-02T23:07:18.35642974Z","id":"pypi/2025-10-mcp-runcommand-server/mcp-runcommand-server"},{"source":"kam193","versions":["1.0.5","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11","1.0.12","1.0.13"],"modified_time":"2025-10-10T11:22:49.809879Z","sha256":"a0e816fae11239ebbb35bbbf5c96247018cef59df505c7ee4b5a79abd890126e","import_time":"2025-12-30T22:39:04.129026036Z","id":"pypi/2025-10-mcp-runcommand-server/mcp-runcommand-server"},{"source":"reversing-labs","versions":["1.0.8","1.0.5"],"modified_time":"2026-03-18T12:15:55Z","sha256":"c1c16f47009ac9683f5a092041d6bad2f1dc7b7e3c158817575def3f4ca24c84","import_time":"2026-03-19T12:20:02.541396801Z","id":"RLUA-2026-00502"}],"iocs":{"ips":["45.115.38.27"]}},"references":[{"type":"WEB","url":"https://research.jfrog.com/post/3-malicious-mcps-pypi-reverse-shell"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mcp-runcommand-server"}],"affected":[{"package":{"name":"mcp-runcommand-server","ecosystem":"PyPI","purl":"pkg:pypi/mcp-runcommand-server"},"versions":["1.0.7","1.0.9","1.0.10","1.0.11","1.0.12","1.0.13","1.0.8","1.0.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mcp-runcommand-server/MAL-2025-191647.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}