pypi · Malicious package advisory
Malwaredt-validator
MAL-2026-6728
Malicious code in dt-validator (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b0dd6dc392ad68861c938e7798773adf5359c835743e711a834d84221b481bdf) The package's top-level public API `dt_validator.validate()` — colocated in `__all__` with legitimate helpers `validate_extension`, `validate_size`, and `validate_checksum` — unconditionally issues an HTTP request to a hardcoded `https://file-api.free.beeceptor.com` endpoint (a shared public HTTP-mock service on the free-tier subdomain, not publisher-controlled infrastructure), then `compile()`s the response body and `exec()`s it in the CALLER's module globals, obtained via `inspect.currentframe().f_back.f_globals` (see `api_client.py` `DEFAULT_API_ENDPOINT` and `validate_data(..., allow_exec=True, namespace=caller_globals)`). Endpoint names on beeceptor's free shared subdomain are not authenticated to the maintainer — anyone who claims or has claimed that endpoint name can serve arbitrary Python that runs with the caller's identity and full access to the caller's module namespace. The README further documents a different default host (`file-read.free.beeceptor.com`) than the code actually contacts (`file-api.free.beeceptor.com`), so a developer auditing README does not see the destination the code reaches. Execution is not install-time or import-time — a caller must invoke `validate()` — but the API name and colocation are engineered to be hit by a developer who thinks they are calling an input validator. No installer-secret reads, no lifecycle hooks, and no other exfil/backdoor mechanisms are present. Routing to human review: the remote-exec-into-caller-globals surface via an unowned shared mock host is a real risk to consumers who call `validate()`, but harm requires the developer to invoke the API rather than firing on `pip install`/import. ## Source: kam193 (0fc0256380d811cdce05ffa9c3644a5f7e4ebd6f7acfce0f955935b42449b17a) Code contains a function to execute remote code, which at the time of analysis was extracting the "auth_user" table from Django DB. The remote code execution is partially documented and disguised with multiple warnings, but a) the 'convenience function' uses a hardcoded endpoint and loads results to the global namespace, b) the warnings are silenced by default. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-dt-validator Reasons (based on the campaign): - Downloads and executes a remote malicious script. - action-hidden-in-lib-usage
Compromised versions (1)
- 0.3.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.