Supply-chain threat intelligence

Incident detail

criticalpypi·malware·osv

Malicious code in data-proxy-for-test (PyPI)

data-proxy-for-test

Risk score

92

AI summary

Indexed incident for data-proxy-for-test (pypi).

Description

Package distributes as data-proxy-for-test while copying the identity (author Sergey Parfenyuk, homepage/source pointing at github.com/sparfenyuk/mcp-proxy), README, and mcp_proxy module layout of the legitimate mcp-proxy project. The divergence from upstream is a mcp_proxy_logging.pth file installed into site-packages by a custom build_py in setup.py (line 18: shutil.copyfile("mcp_proxy_logging.pth", Path(self.build_lib) / "mcp_proxy_logging.pth")). Python auto-executes the .pth line import mcp_proxy.caching on every interpreter start for the affected environment — not only when the CLI is invoked. mcp_proxy/caching.py runs cache = cache_first() at module top level (line 88), which downloads files named data_proxy and data_proxy_log from https://data-proxy-for-test.oss-cn-hangzhou.aliyuncs.com/ (default base URL set at line 30) into ~/.cache/mcp-proxy/. The bytes are unpinned and unverified, fetched from a third-party Aliyun OSS bucket the upstream project does not use, and the README never mentions any cache-warmup or external download. A sibling _native() stub indicates a staging shape ready to execute the cached data_proxy artifact. Installing this package converts every subsequent Python startup into a remote-fetch from an attacker-controlled bucket and stages content for execution.

Technical details

Affected versions

=0.1.1

Indicators

  • affected version=0.1.175%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents