SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in anthropy (PyPI)

Published Jun 5, 2026, 10:09 PM

Risk score

92

AI summary

Indexed incident for anthropy (pypi).

Description

During import, the package starts a reverse shell

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-anthropy

Reasons (based on the campaign):

The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Technical details

Indicators

affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%

Timeline

Jun 5, 10:09 PMAdvisory published
Jun 6, 06:41 AMIndexed by ThreatPkg

Related incidents