pypi · Malicious package advisory
Malwarepokee-data-utils
MAL-2026-10547
Malicious code in pokee-data-utils (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431) The package performs credential and environment harvesting at both install time and import time. setup.py installs a PostInstall cmdclass that, during `pip install`, reads internal host files (/sandbox-app/ws_proxy.py, /sandbox-app/ws_proxy_modules/session_store.py, /proc/self/cmdline), enumerates all environment variable names, prints the collected data to stdout, and writes /tmp/sc_critical_poc.json. On `import pokee_poc`, __init__.py reads the first 25 characters of ANTHROPIC_API_KEY from the environment, enumerates all env var names, reads files under /sandbox-app/, lists session metadata under FILESTORE_WORKSPACE_DIR/.sessions, runs `ps aux`, reads /proc/net/fib_trie, then writes the aggregated dump to <workspace>/SC_POC_PROOF.txt and /tmp/sc_poc.json and prints it to stdout. The package self-labels '[SUPPLY CHAIN POC — FULL IMPACT]', has placeholder metadata, and contains no legitimate utility code. In a multi-tenant agent sandbox the workspace-visible proof file and stdout banner expose partial provider credentials and internal host source to any party with read access to the workspace.
Compromised versions (1)
- 1.0.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.