{"id":"MAL-2026-6557","summary":"Malicious code in pkg-fallback (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f)\nsetup.py performs an unconditional urllib.request.urlopen() at install time to a hardcoded plaintext bare-IP endpoint http://157.254.194.200:8080/dependency-payload-1.0.0.tar.gz, with exceptions silently swallowed. This fires automatically during pip install (build/setup phase), confirming code execution on the installer's machine and disclosing the installer's network identity to attacker-controlled infrastructure. The distribution is published as 'pkg-fallback' but ships an unrelated 'string_kit' module described as 'string-kit' in README/PKG-INFO; the name/module divergence together with the install-time bare-IP beacon and the attacker-suggestive payload filename ('dependency-payload') is consistent with a dependency-confusion staging/enumeration package rather than a genuine utility.\n\n## Source: kam193 (4563c95d80446cbc0c815185ab9b3649b048c82a33b2d662523ce4760dbc6856)\nPackage exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated.\n\n\n---\n\nCategory: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.\n\n\nCampaign: GENERIC-beacon-dependency-confusion\n\n\nReasons (based on the campaign):\n\n\n - typosquatting\n\n\n - dependency-confusion\n","modified":"2026-06-28T08:15:56.051092370Z","published":"2026-06-28T06:01:28Z","database_specific":{"malicious-packages-origins":[{"sha256":"7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f","import_time":"2026-06-28T06:50:42.931191475Z","versions":["1.1.0"],"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"amazon-inspector","id":"IN-MAL-2026-007697","modified_time":"2026-06-28T06:01:28Z"},{"sha256":"4563c95d80446cbc0c815185ab9b3649b048c82a33b2d662523ce4760dbc6856","id":"pypi/GENERIC-beacon-dependency-confusion/pkg-fallback","versions":["1.1.0"],"source":"kam193","import_time":"2026-06-28T08:10:57.722648683Z","modified_time":"2026-06-28T07:22:27.366925Z"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/pkg-fallback/1.1.0/"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pkg-fallback"}],"affected":[{"package":{"name":"pkg-fallback","ecosystem":"PyPI","purl":"pkg:pypi/pkg-fallback"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.0"],"database_specific":{"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pkg-fallback/MAL-2026-6557.json","indicators":{"evidence_files":[{"sha256":"e63cda868cf61706d3d8666c109977ecbcbc7b83f0d784a0330a4196bf034822","tlsh":"6901ce85ce8078e5c9dba64548799c5e12326b033d01f4d9bb8983583f4d2dfcb36259","path":"setup.py"}],"package_integrity":[{"filename":"pkg_fallback-1.1.0.tar.gz","hashes":{"sha256":"272ff22462e20ef5fd5766729843adfc577ff8a72c6c87e809c56efc6e042921","md5":"6f78fa86c4f5c320aec88febbcd47878","blake2b_256":"bfdd6c973cf80595a3f50e4d3e2c19dff3f72fda1ec86eb37689573bae86a5a9"}}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}