{"id":"MAL-2026-5340","summary":"Malicious code in xfoofoox (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14)\nDuring import, the package starts a reverse shell\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-anthropy\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.\n","modified":"2026-06-08T23:15:50.007322058Z","published":"2026-06-08T22:31:36Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-08T23:01:22.272011201Z","id":"pypi/2026-06-anthropy/xfoofoox","versions":["0.0.6"],"source":"kam193","modified_time":"2026-06-08T22:31:36.219895Z","sha256":"94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14"}],"iocs":{"domains":["dns.subtrace.xyz","subtrace.xyz"],"ips":["54.176.251.240"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/xfoofoox"}],"affected":[{"package":{"name":"xfoofoox","ecosystem":"PyPI","purl":"pkg:pypi/xfoofoox"},"versions":["0.0.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/xfoofoox/MAL-2026-5340.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}