MAL-2026-10100

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/proxy-check-i/MAL-2026-10100.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10100
Published
2026-07-09T22:16:53Z
Modified
2026-07-09T23:02:07.662647943Z
Summary
Malicious code in proxy-check-i (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04)

The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator persistent shell, exec, pty, and TCP port-forwarding on the installer's host. The entry point proxy-check-i (declared in the package's console_scripts, mapped to qsshd.launcher:main) uses os.execv to launch the bundled Go binary. The daemon establishes device identity by writing a .device_lock file under $XDG_CONFIG_HOME, /dev/shm, or /tmp, then repeatedly dials out to a relay via github.com/mydearniko/overthing (tunnel.NewServer with RelayURI and ForwardAddr pointing at the local SSH listener). SSH authentication only accepts a single hardcoded ed25519 public key embedded at build time via //go:embed authorized_keys, so only the key holder can connect. The reverse-connect design bypasses inbound firewalls. PyPI metadata is a cover story: PKG-INFO summary mentions only 'qsshd executable' with no README and no disclosure of SSH-server, authorized-keys, or outbound-relay behavior, so an installer cannot infer they are enabling a remote-shell daemon. Any host that runs proxy-check-i is remotely controllable by the key holder.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04",
            "id": "IN-MAL-2026-009583",
            "import_time": "2026-07-09T22:56:36.667062536Z",
            "versions": [
                "0.1.0"
            ],
            "modified_time": "2026-07-09T22:16:53Z",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "0.1.1"
            ],
            "id": "IN-MAL-2026-009584",
            "import_time": "2026-07-09T22:56:36.772525864Z",
            "modified_time": "2026-07-09T22:17:01Z",
            "sha256": "ee0e907c752a42d6a2b084a971dd61af2b020ccf33026f9a7b40367615344b36",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

PyPI / proxy-check-i

Package

Affected ranges

Affected versions

0.*
0.1.0
0.1.1

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "5ea0243044d044035dcc150701c40d7fdd3135053fdc0f00504100141dfd5c1cc1403c",
            "sha256": "2dca1f8128dd32da51ec6aea5e0a409773bfe8172655e72b94c7e832437ecd0f",
            "path": "internal/sshd/authorized_keys"
        },
        {
            "sha256": "3635d4483809bb7c3dab73fbc0b560dd2b0b470a1ce7d2a11d596119b2a52f33",
            "tlsh": "f872b5e2db7d45160ba20069dc54d559ebbcd0394a3890f5f488a2fb30cc59fd1beac6",
            "path": "cmd/qsshd/main.go"
        },
        {
            "sha256": "355069045531fb20f10b935c247fa039afc674bb9119de10452bea1e44394949",
            "tlsh": "aad02b91638071f0b099cad6010c5a61545ad242568915d6c9e21fce098922887db030",
            "path": "PKG-INFO"
        }
    ],
    "package_integrity": [
        {
            "filename": "proxy_check_i-0.1.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
            "hashes": {
                "sha256": "d3ff7f14ed32e364dd5fbba8e213d66e827befb00de5f9ea6f144869e811aebf",
                "md5": "60db2097a2f2022c9ed4f1b3641f647d",
                "blake2b_256": "3fd6a6c4cb30258011fdfe2a1dd0b5086b35ece26cbb4fbd94549ef388676b00"
            }
        },
        {
            "filename": "proxy_check_i-0.1.0.tar.gz",
            "hashes": {
                "md5": "47b608ef1bb0133a43583bd56aa15920",
                "sha256": "eac076dd2942038a9a40963d429b77755baaf6b06b71f237a12b4d76a48cc57f",
                "blake2b_256": "93841f5f847c4b5f95e73df6abb3af40c7a2a92fa04bf6dac7b18e7a6d3fb78b"
            }
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/proxy-check-i/MAL-2026-10100.json"