{"id":"MAL-2026-5273","summary":"Malicious code in anthropy (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2)\nThe package `anthropy` is a one-character typosquat of the legitimate `anthropic` PyPI SDK. The sole module `anthropy.py` executes a classic Python reverse shell at import time: it opens a TCP socket to 54.176.251.240:9001, duplicates the socket file descriptor over stdin/stdout/stderr, and spawns an interactive `sh` via `pty.spawn`. The same payload also fires when the `anthropy` console script declared in `pyproject.toml` is invoked. The package ships no API surface matching its name (project summary is just 'hello world') — its only behavior is the reverse shell. Any developer who mistypes `pip install anthropic` and then imports the package, or runs the installed CLI, hands an interactive shell on their machine to the operator of 54.176.251.240.\n\n## Source: kam193 (4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854)\nDuring import, the package starts a reverse shell\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-anthropy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n","modified":"2026-06-11T04:01:29.430482688Z","published":"2026-06-05T22:09:46Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-05T22:52:12.887725134Z","sha256":"4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854","source":"kam193","id":"pypi/2026-06-anthropy/anthropy","versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6"],"modified_time":"2026-06-05T22:09:55.762238Z"},{"import_time":"2026-06-08T19:19:19.131505524Z","sha256":"cf774c2d1d55008cff219c973440ec6636c8191921995c31009b9cb114acf477","source":"kam193","id":"pypi/2026-06-anthropy/anthropy","versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6"],"modified_time":"2026-06-05T22:09:55.762238Z"},{"import_time":"2026-06-11T03:48:52.291323464Z","sha256":"8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2","source":"amazon-inspector","id":"IN-MAL-2026-005446","versions":["0.0.4"],"modified_time":"2026-06-11T03:12:46Z"}],"iocs":{"domains":["dns.subtrace.xyz","subtrace.xyz"],"ips":["54.176.251.240"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/anthropy"},{"type":"PACKAGE","url":"https://pypi.org/project/anthropy/0.0.4/"}],"affected":[{"package":{"name":"anthropy","ecosystem":"PyPI","purl":"pkg:pypi/anthropy"},"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/anthropy/MAL-2026-5273.json","cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."}],"indicators":{"package_integrity":[{"hashes":{"md5":"765e613953177034867e7ca75e93fbdc","sha256":"68e2977938e8cc69a87cf37c9b0bce3c64cdcef5b289e75bfbd1edd77d1997d5","blake2b_256":"1be64d47275cfe6d23a330324f05285be39a9dfb4e4149d3ac7b914d299bd88f"},"filename":"anthropy-0.0.4-py3-none-any.whl"},{"hashes":{"md5":"ba3e91255e13f5c5aae3349a136bfef2","sha256":"14e82582b0c81771035eb2eb18ae543f739f45d98aa395ea1be248f243aa8191","blake2b_256":"e2e0d08f503f1bef3faf3f39d97e4f6b69221853d8aa010f4cd606ba7310d647"},"filename":"anthropy-0.0.4.tar.gz"}],"evidence_files":[{"path":"anthropy.py","tlsh":"7dd022e1f3f2214d3fb441a8204ad19a7ff4a20287d848c00c3d4aa1ab1304c10e4aa2","sha256":"f070479f898f1b7fa161d3267f9ebf730ceb8a3f63929755d85d962565b72f84"},{"path":"pyproject.toml","tlsh":"ead0a77789579555afdd4590ec701741f836b01d20b0b018d387c044795a2d9dae5826","sha256":"e3c3fccc62ef81018ff4bae4980528c6255ed7ceeb4843f1c9403e2c47209cb4"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}