{"id":"MAL-2026-3695","summary":"Malicious code in pirxcypackage (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540)\nPirxcyPackage/__init__.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec() on every import. This is a textbook remote-code-execution supply-chain pattern: the payload is mutable, unauthenticated, unsigned, and controlled by a third-party paste owner, so any installer importing this package runs arbitrary attacker-chosen Python. The staging via Pastebin also ensures static review of the wheel cannot observe actual behavior. Installer harm is direct and unambiguous.\n","modified":"2026-05-13T20:22:39.652939Z","published":"2026-05-12T07:43:27Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-05-13T20:10:55.711401902Z","id":"IN-MAL-2026-002316","modified_time":"2026-05-12T19:03:07Z","versions":["8.0.0"],"source":"amazon-inspector","sha256":"5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/PirxcyPackage/8.0.0/"}],"affected":[{"package":{"name":"pirxcypackage","ecosystem":"PyPI","purl":"pkg:pypi/pirxcypackage"},"versions":["8.0.0"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pirxcypackage/MAL-2026-3695.json","indicators":{"urls":["https://pastebin.com/raw/91tFF63S"],"package_integrity":[{"hashes":{"sha256":"cff907689a5abfba582b5e214544b96b34f352b7a0248607b269f5807bd4819b","md5":"161d9d5f8e87ea66bc518757b968bd79","blake2b_256":"1f2511888159b71760cf8a0734ec9b943e0d1b405b40690ed03382862fc080d2"},"filename":"PirxcyPackage-8.0.0-py2-none-any.whl"},{"hashes":{"sha256":"8eaca3a630758dc513060ab76a283bdb066f11b3ac4f21f0dd5c1728d7e1374d","md5":"f3afe26816bd54b99f8783e9cb979e01","blake2b_256":"51d3f93e232ece104772889ee4323ccc0cf362820d2366b37dde6087a058b6b4"},"filename":"PirxcyPackage-8.0.0.tar.gz"}],"evidence_files":[{"sha256":"5c742188cdac2f649dc78f48a46d4a0a42b7ec19ef290af1945adda6f913023e","tlsh":"23211129bc8ad73317c701597b8fc4dfd12ed168175a62d1952180586277a3c06df4dc","path":"PirxcyPackage/__init__.py"}],"domains":["pastebin.com"]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}