datacamp-light 99.0.0 impersonates DataCamp's internal package (name='datacamp-light', author='DataCamp', url='https://github.com/datacamp/datacamp-light', anomalous version 99.0.0 — the canonical dependency-confusion bait shape). setup.py defines an exfiltrate() function and invokes it unconditionally at top level, so it fires during pip install. The function collects hostname, current working directory, platform, Python version, and USER/USERNAME environment variables, JSON-encodes them, and POSTs them via urllib.request.urlopen to https://z39gspa3.pingback.sh/c. Any installer whose resolver picks up this public artifact (the intent of the 99.0.0 version pin) leaks host and user identifiers to the pingback domain. Even though the package self-labels as a 'PoC,' the published artifact actively phones home from any machine that installs it.

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.

---

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

• The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

• The package overrides the install command in setup.py to execute malicious code during installation.