Supply-chain threat intelligence
Risk score
92
Indexed incident for jsonschemavalidation (pypi).
A clone of a legitimate package with an embeded reverse shell. In the published version, the reverse shell was connecting to a private IP address suggesting the package was not yet fully weaponized.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-jsonschemavalidation
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
clones-real-package
obfuscation
Affected versions
Indicators
Timeline