{"id":"MAL-2026-5335","summary":"Malicious code in xfoobar (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (a54c1c17d20a069af19c48751aada9e426bcbf55484c360cf21ac70f35d3d0dd)\nDuring import, the package starts a reverse shell\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-anthropy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n","modified":"2026-06-08T22:15:46.530729947Z","published":"2026-06-08T21:41:16Z","database_specific":{"iocs":{"domains":["dns.subtrace.xyz","subtrace.xyz"],"ips":["54.176.251.240"]},"malicious-packages-origins":[{"id":"pypi/2026-06-anthropy/xfoobar","versions":["0.0.5"],"sha256":"a54c1c17d20a069af19c48751aada9e426bcbf55484c360cf21ac70f35d3d0dd","import_time":"2026-06-08T22:06:48.158650002Z","source":"kam193","modified_time":"2026-06-08T21:41:16.890882Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/xfoobar"}],"affected":[{"package":{"name":"xfoobar","ecosystem":"PyPI","purl":"pkg:pypi/xfoobar"},"versions":["0.0.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/xfoobar/MAL-2026-5335.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}