VYPR

pypi · Malicious package advisory

Malware

jsonschemavalid

MAL-2026-6970

Malicious code in jsonschemavalid (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (66c7a352526170a98abaa8fcccfd433c9e8326e340df4904adce19bd13a05902)
A clone of a legitimate package with an embeded reverse shell. In the published version, the reverse shell was connecting to a private IP address suggesting the package was not yet fully weaponized.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-07-jsonschemavalidation


Reasons (based on the campaign):


 - The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.


 - clones-real-package


 - obfuscation

Compromised versions (1)

  • 4.26.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.