Supply-chain threat intelligence

Incident detail

criticalpypi·obfuscation·osv

Malicious code in jsonschemavalidation (PyPI)

jsonschemavalidation

Risk score

92

AI summary

Indexed incident for jsonschemavalidation (pypi).

Description

A clone of a legitimate package with an embeded reverse shell. In the published version, the reverse shell was connecting to a private IP address suggesting the package was not yet fully weaponized.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-jsonschemavalidation

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

  • clones-real-package

  • obfuscation

Technical details

Affected versions

=4.26.0

Indicators

  • affected version=4.26.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents