Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in darkglitch (PyPI)

darkglitch

Risk score

92

AI summary

Indexed incident for darkglitch (pypi).

Description

darkglitch 1.2.0 ships a listener mode (-l -c) that opens a WebSocket connection to the hardcoded signaling host https://malware-signal.vercel.app/ and joins the fixed room D4RKGLI7CH. Incoming remote-command messages are passed directly into subprocess.run(command, shell=True) inside _execute_command, giving any party with access to that signaling server arbitrary shell execution on the host running the listener. core/config.py hardcodes the host and room. The -r/--run mode invokes PyInstaller with --noconsole --onefile to build darkglitch_listener.exe, a windowless Windows agent whose entry point immediately calls asyncio.run(listen_bash_mode()), packaging the same remote-shell listener as a hidden persistent agent. The self-labeling of the host as malware-signal.vercel.app and the room as D4RKGLI7CH matches the operational shape of a remote-access trojan.

Technical details

Affected versions

=1.2.0

Indicators

  • affected version=1.2.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents