Supply-chain threat intelligence
Risk score
92
Indexed incident for cosmos-gradio (pypi).
cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-version resolution on installers that mix a private index with PyPI. setup.py (executed at sdist build/install) and cosmos_gradio/init.py (executed on import) run the same beacon that collects the installer's hostname, OS username, and current working directory and transmits them to the hardcoded domain oob.asyncrun.in via two channels: (1) a DNS lookup where the '|' pair is base32-encoded into a subdomain label under oob.asyncrun.in (out-of-band DNS exfiltration that works even when HTTP egress is blocked), and (2) an HTTP GET carrying the same fields as query-string parameters, with HTTPS attempted first and a plaintext-HTTP fallback. The package name collides with a plausible internal 'cosmos-gradio' package and the release is sdist-only specifically to force setup.py execution on pip install.
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
Affected versions
Indicators
Timeline