{"id":"MAL-2026-4770","summary":"Malicious code in spip-pth-demo (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9)\nThe package installs a `suspicious-demo.pth` file into site-packages via setup.py's `data_files=[(\"\", [\"suspicious-demo.pth\"])]`. Python auto-processes .pth files at every interpreter startup, and this one contains `import spip_pth_demo_marker`, whose module body is `import os; os.system(\"calc.exe\")`. The result: every invocation of `python` on a host that has installed this package executes an OS command via the shell, with no user action required beyond installation. The README explicitly states the marker module 'only writes a benign marker line to stderr' and 'does not launch processes or run OS commands' — the shipped code directly contradicts this. While the specific argv (`calc.exe`) is innocuous on Windows and a no-op elsewhere, the mechanism is a fully functional persistent code-execution surface in the installer's Python environment; substituting any other command turns this into arbitrary RCE on every Python launch. .pth-based execution is particularly dangerous because it bypasses install-phase analysis and fires on every subsequent interpreter start, including in unrelated projects sharing the same environment.\n","modified":"2026-05-26T06:03:15.676429622Z","published":"2026-05-25T20:01:58Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-004769","sha256":"476c138e87fd85231dd9fa48772df9e4a4bc9e9464264444cd13ec1905dfeb6a","modified_time":"2026-05-25T20:01:58Z","source":"amazon-inspector","versions":["1.0.2"],"import_time":"2026-05-26T05:53:14.825181729Z"},{"id":"IN-MAL-2026-004770","sha256":"bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9","modified_time":"2026-05-25T20:02:08Z","source":"amazon-inspector","versions":["1.0.1"],"import_time":"2026-05-26T05:53:14.926445869Z"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/spip-pth-demo/1.0.2/"},{"type":"PACKAGE","url":"https://pypi.org/project/spip-pth-demo/1.0.1/"}],"affected":[{"package":{"name":"spip-pth-demo","ecosystem":"PyPI","purl":"pkg:pypi/spip-pth-demo"},"versions":["1.0.2","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spip-pth-demo/MAL-2026-4770.json","cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}],"indicators":{"evidence_files":[{"sha256":"489bcf1d4d7bd20980b5bfb0dfb575f3c71201c820bb4a3f0b95c1f92c3aefe2","path":"suspicious-demo.pth","tlsh":"4da002e51b4f4590456426a8542111d53abead30677a2294d44955a6c524d2453bce60"},{"path":"spip_pth_demo_marker.py","sha256":"d5bc650138b4aa6617c93acecc8ae6dd0209d2ffa4f6c8efcf452253762a9db7","tlsh":"f98000ba0b82a20000c0208b232002820232ac200b2020208082caaaca22820833cc20"}],"package_integrity":[{"hashes":{"blake2b_256":"2ac750cff86577191af19a0e56d3d6594b946b1d0ba5aea1fc0c95f1ab808f79","sha256":"0c8402e1d7af079d5c3a20497e0155a96cdc17dd39706ae6846692c36cbaadb5","md5":"5ffb6405121c0bd0395471d7a319e784"},"filename":"spip_pth_demo-1.0.2-py3-none-any.whl"},{"hashes":{"blake2b_256":"8780420e3d60c162e7572429950f3ea999de1dd9072be1bed237997910041436","sha256":"f31280b39d89b08cd3ad99d9652a57e987c3aa71fd9f16ded50ab162438bc900","md5":"0bdb8869f166c00c81c17c5cc583d3a7"},"filename":"spip_pth_demo-1.0.2.tar.gz"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}