pypi · Malicious package advisory
Malwareunreal-mladapter
MAL-2026-6736
Malicious code in unreal-mladapter (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (126bf3493d123333b47fba2ed68e30c085c8266dfb4d16923a81e9ee094f4780) The package name `unreal-mladapter` mimics Epic Games' internal UnrealMLAdapter plugin and is published at version 99999.0.0 — the canonical high-version bump used in dependency-confusion attacks to override private/internal resolution. On any `import unreal_mladapter`, the top-level __init__.py spawns a background thread that POSTs a JSON payload containing the installer's hostname, USER/USERNAME environment variable, and current working directory to http://109.123.247.172/pypi over plaintext HTTP. Errors are swallowed. Package metadata is placeholder (author 'Security Research', description 'Internal package'). The import-time exfiltration of host identifiers to a hardcoded non-publisher bare-IP endpoint, combined with the 99999.0.0 dependency-confusion version and internal-namespace impersonation, is an unambiguous supply-chain attack shape. ## Source: kam193 (b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89) Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: GENERIC-standard-pypi-install-pentest Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - The package overrides the install command in setup.py to execute malicious code during installation.
Compromised versions (1)
- 99999.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.