Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for hello-test-s1 (pypi).
Description
During installation or importing the module, the package starts a reverse shell to hardcoded locatiom
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-12-aiogram-sever-patch
Reasons (based on the campaign):
The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.
The package overrides the install command in setup.py to execute malicious code during installation.
dependency-confusion
Technical details
Affected versions
=0.1.0=0.3.0=0.3.1
Indicators
- affected version=0.1.075%
- affected version=0.3.075%
- affected version=0.3.175%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in npx-whoami-demo (npm)npx-whoami-demo92
- Malicious code in ltidiconf (npm)ltidiconf92
- Malicious code in npm-sandbox-ping-c8f2a (npm)npm-sandbox-ping-c8f2a92
- Malicious code in npm-sandbox-research-8b2f (npm)npm-sandbox-research-8b2f92
- Malicious code in npm-sandbox-research-9c4e (npm)npm-sandbox-research-9c4e92