Supply-chain threat intelligence
Risk score
92
Indexed incident for eth-agent (pypi).
The top-level eth_agent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL (https://gateway.pinata.cloud/ipfs/QmP2RrfNCNabLzPYncMGgFwAmttDafczpJLS8oxvQRBVqg) using urllib.request.urlopen, passes the returned bytes to exec() in a new namespace, and then invokes a main() function from that namespace. The entire fetch-and-execute block is wrapped in a bare try/except: pass annotated with a Spanish comment marking the load as silent, so any error is suppressed and the payload load is hidden from the user during import. This fires on every import eth_agent, so simply importing the package after pip install eth-agent runs opaque, attacker-controlled Python code on the installer's machine. The IPFS content is not pinned by hash-verification in code, is served from a third-party gateway, and is unrelated to the package's stated Ethereum RPC helper purpose.
During import, the code downloads and executes a remote script. The script collects sensitive files, including cryptocurrency wallet private keys and seeds, SSH keys, dotenv files and uploads them to IPFS. After that, it communicates with C2 and awaits further commands to execute.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-metemask-sdk
Reasons (based on the campaign):
files-exfiltration
typosquatting
exfiltration-ssh-keys
crypto-related
Downloads and executes a remote malicious script.
exfiltration-crypto
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
uses:ipfs
Affected versions
Indicators
Timeline