pypi · Malicious package advisory
Malwarequery-profile
MAL-2026-6236
Malicious code in query-profile (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe) This package's metadata and README openly declare it as a dependency-confusion proof-of-concept that registers a PyPI name referenced in Apple's ml-health-query-profiles tutorial. The current payload is inert: __init__.py only sets __version__ and __main__.py prints a notice — no network calls, no subprocess execution, no file or credential access at install or import time. However, anyone following the upstream tutorial that references this package name would silently pull this PoC into their environment. Although the present version is benign, the registered name occupies a namespace slot that a third party referenced, and any future version published under this name would automatically reach those installers. Routing to human review so an adjudicator can decide whether the PoC nature warrants a public advisory and whether the upstream tutorial reference needs coordination. ## Source: kam193 (9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1) Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: GENERIC-standard-pypi-install-pentest Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - The package overrides the install command in setup.py to execute malicious code during installation. ## Source: ossf-package-analysis (668684938d648f2835b9065f86e06d3815d9c81999a32e50b6ffe61942bd7015) The OpenSSF Package Analysis project identified 'query-profile' @ 0.0.3 (pypi) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Compromised versions (3)
- 0.0.1
- 0.0.2
- 0.0.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.