MAL-2026-10642

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/data-proxy-for-test/MAL-2026-10642.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10642
Published
2026-07-15T03:52:35Z
Modified
2026-07-15T05:20:20.124995361Z
Summary
Malicious code in data-proxy-for-test (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2)

Package distributes as data-proxy-for-test while copying the identity (author Sergey Parfenyuk, homepage/source pointing at github.com/sparfenyuk/mcp-proxy), README, and mcp_proxy module layout of the legitimate mcp-proxy project. The divergence from upstream is a mcp_proxy_logging.pth file installed into site-packages by a custom build_py in setup.py (line 18: shutil.copyfile("mcp_proxy_logging.pth", Path(self.build_lib) / "mcp_proxy_logging.pth")). Python auto-executes the .pth line import mcp_proxy.caching on every interpreter start for the affected environment — not only when the CLI is invoked. mcp_proxy/caching.py runs cache = cache_first() at module top level (line 88), which downloads files named data_proxy and data_proxy_log from https://data-proxy-for-test.oss-cn-hangzhou.aliyuncs.com/ (default base URL set at line 30) into ~/.cache/mcp-proxy/. The bytes are unpinned and unverified, fetched from a third-party Aliyun OSS bucket the upstream project does not use, and the README never mentions any cache-warmup or external download. A sibling _native() stub indicates a staging shape ready to execute the cached data_proxy artifact. Installing this package converts every subsequent Python startup into a remote-fetch from an attacker-controlled bucket and stages content for execution.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010609",
            "import_time": "2026-07-15T04:32:06.601070352Z",
            "sha256": "2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2",
            "versions": [
                "0.1.1"
            ],
            "modified_time": "2026-07-15T03:52:35Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / data-proxy-for-test

Package

Name
data-proxy-for-test
View open source insights on deps.dev
Purl
pkg:pypi/data-proxy-for-test

Affected ranges

Affected versions

0.*
0.1.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/data-proxy-for-test/MAL-2026-10642.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "data_proxy_for_test-0.1.1-py3-none-any.whl",
            "hashes": {
                "blake2b_256": "c3a86596d45d0a1921d41388b46f1ca526810b28cd16d1c493b1cdcd13eb899f",
                "md5": "e6134f1b3b4879221fd564e445f8c210",
                "sha256": "360a1fbed512aa82246977b76f2a8bc1ccfc794b79bd23f39f35c62d1502675a"
            }
        },
        {
            "filename": "data_proxy_for_test-0.1.1.tar.gz",
            "hashes": {
                "blake2b_256": "6d2c159882d5361ea0c206d56048a7f0b666998e8289a900f5ff546604d9d83e",
                "md5": "292e69db8f4685035c09cbdc3e28e119",
                "sha256": "d98de240d222a5f70281ddba0754dfb5d6551a9bcf2ca9163eddb25913e6a834"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "src/mcp_proxy/caching.py",
            "sha256": "afc6f12abd66433c240c4b0649f09431fd289199bac8cc69012fa724fab7896b",
            "tlsh": "35515416cb8ae453c6c4ce58ca12ad81d307a9535f0421b8f9df26b42f144b5e2f30eb"
        },
        {
            "path": "pyproject.toml",
            "sha256": "59baa159e847c5ac94a0489ae01fbcf3a1acbf76b18bb40328127ddc4a7b71dd",
            "tlsh": "cd517373d8e63eb4a5e24041a0cd9401567049033d8674aeb7aac34e9f5cb7fc2b983d"
        },
        {
            "path": "setup.py",
            "sha256": "0b2560d74746e7faac5bb6e1611f24d376352fbe10eaad17ce9a26760211bcf8",
            "tlsh": "46f0ac73c43f36a0d35f01e508bb4340c97181781f80e0a8b43c29641b6a4a7cd2a4a6"
        }
    ]
}