-= Per source details. Do not edit below this line.=-
Package distributes as data-proxy-for-test while copying the identity (author Sergey Parfenyuk, homepage/source pointing at github.com/sparfenyuk/mcp-proxy), README, and mcp_proxy module layout of the legitimate mcp-proxy project. The divergence from upstream is a mcp_proxy_logging.pth file installed into site-packages by a custom build_py in setup.py (line 18: shutil.copyfile("mcp_proxy_logging.pth", Path(self.build_lib) / "mcp_proxy_logging.pth")). Python auto-executes the .pth line import mcp_proxy.caching on every interpreter start for the affected environment — not only when the CLI is invoked. mcp_proxy/caching.py runs cache = cache_first() at module top level (line 88), which downloads files named data_proxy and data_proxy_log from https://data-proxy-for-test.oss-cn-hangzhou.aliyuncs.com/ (default base URL set at line 30) into ~/.cache/mcp-proxy/. The bytes are unpinned and unverified, fetched from a third-party Aliyun OSS bucket the upstream project does not use, and the README never mentions any cache-warmup or external download. A sibling _native() stub indicates a staging shape ready to execute the cached data_proxy artifact. Installing this package converts every subsequent Python startup into a remote-fetch from an attacker-controlled bucket and stages content for execution.
{
"malicious-packages-origins": [
{
"source": "amazon-inspector",
"id": "IN-MAL-2026-010609",
"import_time": "2026-07-15T04:32:06.601070352Z",
"sha256": "2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2",
"versions": [
"0.1.1"
],
"modified_time": "2026-07-15T03:52:35Z"
}
]
}"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/data-proxy-for-test/MAL-2026-10642.json"
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "data_proxy_for_test-0.1.1-py3-none-any.whl",
"hashes": {
"blake2b_256": "c3a86596d45d0a1921d41388b46f1ca526810b28cd16d1c493b1cdcd13eb899f",
"md5": "e6134f1b3b4879221fd564e445f8c210",
"sha256": "360a1fbed512aa82246977b76f2a8bc1ccfc794b79bd23f39f35c62d1502675a"
}
},
{
"filename": "data_proxy_for_test-0.1.1.tar.gz",
"hashes": {
"blake2b_256": "6d2c159882d5361ea0c206d56048a7f0b666998e8289a900f5ff546604d9d83e",
"md5": "292e69db8f4685035c09cbdc3e28e119",
"sha256": "d98de240d222a5f70281ddba0754dfb5d6551a9bcf2ca9163eddb25913e6a834"
}
}
],
"evidence_files": [
{
"path": "src/mcp_proxy/caching.py",
"sha256": "afc6f12abd66433c240c4b0649f09431fd289199bac8cc69012fa724fab7896b",
"tlsh": "35515416cb8ae453c6c4ce58ca12ad81d307a9535f0421b8f9df26b42f144b5e2f30eb"
},
{
"path": "pyproject.toml",
"sha256": "59baa159e847c5ac94a0489ae01fbcf3a1acbf76b18bb40328127ddc4a7b71dd",
"tlsh": "cd517373d8e63eb4a5e24041a0cd9401567049033d8674aeb7aac34e9f5cb7fc2b983d"
},
{
"path": "setup.py",
"sha256": "0b2560d74746e7faac5bb6e1611f24d376352fbe10eaad17ce9a26760211bcf8",
"tlsh": "46f0ac73c43f36a0d35f01e508bb4340c97181781f80e0a8b43c29641b6a4a7cd2a4a6"
}
]
}