VYPR

pypi · Malicious package advisory

Malware

proxy-check-i

MAL-2026-10100

Malicious code in proxy-check-i (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04)
The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator persistent shell, exec, pty, and TCP port-forwarding on the installer's host. The entry point `proxy-check-i` (declared in the package's console_scripts, mapped to `qsshd.launcher:main`) uses `os.execv` to launch the bundled Go binary. The daemon establishes device identity by writing a `.device_lock` file under `$XDG_CONFIG_HOME`, `/dev/shm`, or `/tmp`, then repeatedly dials out to a relay via `github.com/mydearniko/overthing` (`tunnel.NewServer` with `RelayURI` and `ForwardAddr` pointing at the local SSH listener). SSH authentication only accepts a single hardcoded ed25519 public key embedded at build time via `//go:embed authorized_keys`, so only the key holder can connect. The reverse-connect design bypasses inbound firewalls. PyPI metadata is a cover story: PKG-INFO summary mentions only 'qsshd executable' with no README and no disclosure of SSH-server, authorized-keys, or outbound-relay behavior, so an installer cannot infer they are enabling a remote-shell daemon. Any host that runs `proxy-check-i` is remotely controllable by the key holder.

## Source: kam193 (dd01be5624206ed8c0a5ba9535c9a9e79ed8770b37eb9ebc381edbe73cb5e779)
The embedded binary starts a relayed SSH-like server using a hardcoded authorized_key. Thanks to using a relay network, the attacked does not need to directly expose ports from the machine.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-07-proxy-check-i


Reasons (based on the campaign):


 - backdoor


 - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Compromised versions (2)

  • 0.1.0
  • 0.1.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.