VYPR

pypi · Malicious package advisory

Malware

django-auth-middleware-plus

MAL-2026-6230

Malicious code in django-auth-middleware-plus (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec)
On import, django_auth_middleware_plus/__init__.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environment variables matching key/secret/token/pass/auth/api, and the contents of ~/.env, ~/.bashrc, ~/.config,.env, and../.env to a hardcoded plaintext HTTP endpoint at http://4.210.177.128:8080/callback. The same import path reads ~/.pypirc and ~/.netrc (up to 200 bytes each) and ships them in the same payload, leaking the installer's PyPI publishing token and machine credentials to the attacker. A _persistence() routine appends an alias overriding `django` to `pip install django-auth-middleware-plus --upgrade` into ~/.bashrc, ~/.zshrc, and ~/.profile so subsequent shell sessions re-fetch and re-trigger the C2 callback. The package's METADATA falsely claims Home-page https://www.djangoproject.com/ and Author-email security@djangoproject.com to impersonate the Django Project — the package name and metadata are a typosquat lure for the genuine Django ecosystem.

## Source: kam193 (2ccfb7651ac3c66adcbbe9a066a65768acc678ce22d14f0eb34f25786af6374a)
During import, package exfiltrates sensitive enviromental variables, configuration files and establishes persistence via entry in `.bashrc` and similar files.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-06-django-auth-middleware-plus


Reasons (based on the campaign):


 - dependency-confusion


 - exfiltration-credentials


 - exfiltration-env-variables


 - persistence


 - files-exfiltration

Compromised versions (1)

  • 99.99.99

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.