pypi · Malicious package advisory
Malwareinversiones-common
MAL-2026-6262
Malicious code in inversiones-common (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4) setup.py executes a `_beacon()` function at module top level (before `setup()` is called), so the payload fires automatically on `pip install inversiones-common`. The beacon collects: hostname, `id`/`uname` output, environment variables (including PIP_INDEX_URL, OKTA_TOKEN, AWS_*, GITHUB_*, and proxy credentials), `/etc/resolv.conf`, `/etc/hosts`, `/etc/machine-id`, pip configuration files (`~/.config/pip/pip.conf`, `/etc/pip.conf`, `~/.pip/pip.conf`) which commonly contain private-index basic-auth credentials, `pip list` output, network interface details, and probes the AWS IMDSv1 endpoint at `http://169.254.169.254/latest/meta-data/iam/security-credentials/` along with GCP and Azure metadata services to harvest cloud instance role credentials. The collected JSON blob is POSTed over plain HTTP to a hardcoded bare IP `http://157.173.126.113:8888/depconf-rce-v2`. The package name `inversiones-common` and version `99.0.1` (an artificially high version chosen to outrank private-index resolutions) target Fintual's internal namespace; the payload includes a `FINTUAL-DEPCONF-RCE-V2` marker and probes `gitea.fintual.in`. Self-described 'authorized bug bounty' framing in the source does not limit blast radius — anyone whose pip resolver picks up this public package, by typo or namespace confusion, will run the beacon and leak secrets to the attacker IP. ## Source: kam193 (db7e12d838a02b689989300eb5fc231e541d2f4af8fd6d92d23baf697d9754f9) Generic campaign for all (likely) research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: GENERIC-questionable-pentest Reasons (based on the campaign): - exfiltration-env-variables - exfiltration-generic - The package overrides the install command in setup.py to execute malicious code during installation. - typosquatting ## Source: ossf-package-analysis (84c429f2131d4d031e80894355e2d5ef70eefa3eccb712653fdd6adeca1fe0c8) The OpenSSF Package Analysis project identified 'inversiones-common' @ 99.0.1 (pypi) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.
Compromised versions (2)
- 99.0.0
- 99.0.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.