VYPR

pypi · Malicious package advisory

Malware

ditenv

MAL-2026-6381

Malicious code in ditenv (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb)
setup.py overrides the install and egg_info commands with a RunCommand() class that fires unconditionally on `pip install` or `pip download`. The override reads the entire process environment via `os.environ`, serializes every key=value pair, captures the output of `ps -elf`, and POSTs the combined payload over plaintext HTTP via curl to a hardcoded interactsh/OAST subdomain (gjampdwmdjmppwedtkpbbdkq05f6iiz6r.oast.fun). On developer machines and CI runners, the captured environment routinely contains AWS_SECRET_ACCESS_KEY, GH_TOKEN, NPM_TOKEN, PYPI_TOKEN, and similar credentials, all of which are leaked to an arbitrary attacker-controlled callback host. The package name is suggestive of a `dotenv` typosquat and the README self-identifies as a proof-of-concept; a comment claims the code is 'for research not for doing any harmful activity', but the cover story does not change the fact that any installer is subjected to live credential theft.

## Source: kam193 (6d0048d35301edad3a673cfd44c244a805586b25d3027758738aa8939099f1cc)
During installation, the package exfiltrates env variables


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-06-ip-rotat


Reasons (based on the campaign):


 - The package overrides the install command in setup.py to execute malicious code during installation.


 - exfiltration-env-variables


 - typosquatting

Compromised versions (1)

  • 0.0.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.