{"id":"MAL-2026-5768","summary":"Malicious code in bash8 (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (375ef978992bd3c12f8778e62d2c6f8a105fa3a15cc508db6d8dd6043fd7507c)\nsetup.py overrides the install command with a custom InstallWithBeacon class that, on `pip install`, collects the installer's hostname via socket.gethostname() and resolves it to an IP via socket.gethostbyname(), then POSTs both as JSON to the hardcoded URL https://webhook.site/b32fda38-ab07-4dc4-820d-548bd5011f78 before continuing the install (setup.py lines 7, 13-15, 30). The pyproject.toml description self-identifies the package as 'POC package (beacon-only)' with placeholder author 'Your Name', confirming the package has no legitimate functionality — its only effect is the recon beacon. Every installer's host identifiers are silently transmitted to an attacker-controlled endpoint without consent.\n\n## Source: kam193 (cc82142b2f705e97dabfd2945e1f4686296211b857a6ccda5195803650bddf63)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n","modified":"2026-06-15T19:05:12.899092113Z","published":"2026-06-14T10:09:19Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-14T10:35:38.755823454Z","sha256":"cc82142b2f705e97dabfd2945e1f4686296211b857a6ccda5195803650bddf63","id":"pypi/GENERIC-standard-pypi-install-pentest/bash8","source":"kam193","modified_time":"2026-06-14T10:09:19.566142Z","versions":["0.0.0","1.0.0"]},{"import_time":"2026-06-15T18:54:56.425869436Z","sha256":"375ef978992bd3c12f8778e62d2c6f8a105fa3a15cc508db6d8dd6043fd7507c","id":"IN-MAL-2026-006658","source":"amazon-inspector","modified_time":"2026-06-15T18:47:40Z","versions":["1.0.0"]},{"import_time":"2026-06-15T18:54:56.532697069Z","sha256":"878c40538865804940e8dedf17a905b5f1675c4f495f061fa2615c5382f190fb","id":"IN-MAL-2026-006659","source":"amazon-inspector","modified_time":"2026-06-15T18:47:41Z","versions":["1.0.0"]}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bash8"},{"type":"PACKAGE","url":"https://pypi.org/project/bash8/1.0.0/"}],"affected":[{"package":{"name":"bash8","ecosystem":"PyPI","purl":"pkg:pypi/bash8"},"versions":["0.0.0","1.0.0"],"database_specific":{"indicators":{"package_integrity":[{"filename":"bash8-1.0.0.tar.gz","hashes":{"sha256":"eb014918581e68c2e541da8e49ed913b5b946d9153a2ac7a39398bb2a137486d","md5":"84a9f31ce7c450a5ee94699f3ebddcad","blake2b_256":"709489b2d199f155286b7905733380e9f154dff3a5d2f637c863e363ec86e5e3"}}],"ips":["178.63.67.106"],"evidence_files":[{"sha256":"7700b44d426178cd68055c4d71a25ae2453a0de5081fa011a2f482a878f24631","tlsh":"b911efd3ecb2b175ea8360e0446749a53692b90f6f42ac693ccd47580faf835d821299","path":"setup.py"},{"sha256":"683a0db365a9faa244d508e2eb25a93ace3fa01c7298d7b7ae591fcbc64958e4","tlsh":"06d07d23caa35a10e9c6404010116445deb2f85422c0804467cbc1846ddd885c7de924","path":"pyproject.toml"}],"domains":["webhook.site"]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bash8/MAL-2026-5768.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}