{"id":"MAL-2026-6262","summary":"Malicious code in inversiones-common (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4)\nsetup.py executes a `_beacon()` function at module top level (before `setup()` is called), so the payload fires automatically on `pip install inversiones-common`. The beacon collects: hostname, `id`/`uname` output, environment variables (including PIP_INDEX_URL, OKTA_TOKEN, AWS_*, GITHUB_*, and proxy credentials), `/etc/resolv.conf`, `/etc/hosts`, `/etc/machine-id`, pip configuration files (`~/.config/pip/pip.conf`, `/etc/pip.conf`, `~/.pip/pip.conf`) which commonly contain private-index basic-auth credentials, `pip list` output, network interface details, and probes the AWS IMDSv1 endpoint at `http://169.254.169.254/latest/meta-data/iam/security-credentials/` along with GCP and Azure metadata services to harvest cloud instance role credentials. The collected JSON blob is POSTed over plain HTTP to a hardcoded bare IP `http://157.173.126.113:8888/depconf-rce-v2`. The package name `inversiones-common` and version `99.0.1` (an artificially high version chosen to outrank private-index resolutions) target Fintual's internal namespace; the payload includes a `FINTUAL-DEPCONF-RCE-V2` marker and probes `gitea.fintual.in`. Self-described 'authorized bug bounty' framing in the source does not limit blast radius — anyone whose pip resolver picks up this public package, by typo or namespace confusion, will run the beacon and leak secrets to the attacker IP.\n\n## Source: kam193 (db7e12d838a02b689989300eb5fc231e541d2f4af8fd6d92d23baf697d9754f9)\nGeneric campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: GENERIC-questionable-pentest\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - exfiltration-generic\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n\n - typosquatting\n\n## Source: ossf-package-analysis (84c429f2131d4d031e80894355e2d5ef70eefa3eccb712653fdd6adeca1fe0c8)\nThe OpenSSF Package Analysis project identified 'inversiones-common' @ 99.0.1 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-06-22T16:46:23.677023588Z","published":"2026-06-22T07:54:20Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-22T10:56:53.594885Z","versions":["99.0.0","99.0.1"],"source":"kam193","sha256":"db7e12d838a02b689989300eb5fc231e541d2f4af8fd6d92d23baf697d9754f9","import_time":"2026-06-22T12:33:31.557578192Z","id":"pypi/GENERIC-questionable-pentest/inversiones-common"},{"sha256":"84c429f2131d4d031e80894355e2d5ef70eefa3eccb712653fdd6adeca1fe0c8","import_time":"2026-06-22T12:33:26.695149943Z","modified_time":"2026-06-22T07:54:20Z","versions":["99.0.1"],"source":"ossf-package-analysis"},{"source":"amazon-inspector","sha256":"347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4","import_time":"2026-06-22T16:36:58.75437746Z","id":"IN-MAL-2026-007109","modified_time":"2026-06-22T16:27:37Z","versions":["99.0.1"]},{"modified_time":"2026-06-22T16:27:40Z","versions":["99.0.0"],"source":"amazon-inspector","sha256":"4e39d60f016df0f8ce946f3ffc9ea2a8f28268b1f6519806dc51ce75f50c621b","import_time":"2026-06-22T16:36:58.833840283Z","id":"IN-MAL-2026-007110"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/inversiones-common"},{"type":"PACKAGE","url":"https://pypi.org/project/inversiones-common/99.0.1/"},{"type":"PACKAGE","url":"https://pypi.org/project/inversiones-common/99.0.0/"}],"affected":[{"package":{"name":"inversiones-common","ecosystem":"PyPI","purl":"pkg:pypi/inversiones-common"},"versions":["99.0.0","99.0.1"],"database_specific":{"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"path":"setup.py","sha256":"7832d475f220044f46115d45b71e1c948c75fa90365c0d60946e953d4b35a9ef","tlsh":"6cc18288d825bd23b287e518b4795401733a6e6b1e41b8397bdd4a7c1fcf02ef071a94"}],"package_integrity":[{"hashes":{"sha256":"7608f0765adad5e72f6cb53c5598ae95814678d60648857934d20f7a0aaca80c","blake2b_256":"0567c4c23dff4718891fbcfedebe8e4278dd6bb20bc4ad83dfe04d4208c41a7f","md5":"810ba6428d37c8d4aefaa2396622327a"},"filename":"inversiones_common-99.0.1.tar.gz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/inversiones-common/MAL-2026-6262.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}