MAL-2026-10759

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ryry-cli/MAL-2026-10759.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10759
Published
2026-07-16T18:39:47Z
Modified
2026-07-16T19:20:03.264202410Z
Summary
Malicious code in ryry-cli (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (4a305ba94c92b6ec62aaf627fc1213d9e37e1645f37fd033f61c7becaba71edd)

ryry-cli runs as a long-lived agent that connects to a hardcoded WebSocket at wss://api.dalipen.com/aigc/task/connect and executes Python scripts under subprocess.Popen based on task messages sent by that server. During its polling loop it calls aigc/task/getAutoDeployWidget and, for each entry the server returns, runs pip install <server-supplied URL> on arbitrary wheels or downloads a zip and installs its requirements.txt, giving the remote endpoint unattended code execution on the host. utils.checkrestart() writes a shell script that runs apt-get update && apt-get upgrade && apt-get install -y... and pip install -U ryry-cli and schedules it via at now + 1 minutes or Windows schtasks, mutating system packages and self-upgrading the CLI outside the user's package manager. taskUtils posts JSON payloads containing socket.gethostname() and a MAC/CPU-serial-derived device id, plus task log files, to a hardcoded WeChat work webhook at qyapi.weixin.qq.com/cgi-bin/webhook/send with an embedded key. A server-supplied Mihomo/Clash subscription URL fetched from aigc/task/config is applied by proxymanager to route the agent's outbound traffic through an author-controlled proxy configuration. The package also embeds base64-encoded Aliyun OSS access-key ID and secret (utils.K1/K2) that are decoded at runtime and used to PUT files to the author's p-template-hk / p-upload-gz buckets.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "amazon-inspector",
            "sha256": "0f7442ffccbf15fb45fc58c95556658f0070d3f0fdb3956bb5a3afa2b0cf4be2",
            "versions": [
                "6.28"
            ],
            "import_time": "2026-07-16T18:54:01.920320516Z",
            "id": "IN-MAL-2026-010736",
            "modified_time": "2026-07-16T18:39:47Z"
        },
        {
            "source": "amazon-inspector",
            "sha256": "4a305ba94c92b6ec62aaf627fc1213d9e37e1645f37fd033f61c7becaba71edd",
            "versions": [
                "6.26"
            ],
            "import_time": "2026-07-16T18:54:03.197473131Z",
            "id": "IN-MAL-2026-010761",
            "modified_time": "2026-07-16T18:43:31Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / ryry-cli

Package

Affected ranges

Affected versions

6.*
6.26
6.28

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "evidence_files": [
        {
            "tlsh": "83d2525194255812d2938c6f88e6a2432b377d4b9d0c2429fdfca1785f842b7d1f2fea",
            "sha256": "2d8569abb9a5210a80945c175d07d107923861cde55656a6b3a887fde679f043",
            "path": "ryry/ryry_server_socket.py"
        },
        {
            "tlsh": "619284455c29842256f29f5cac168541f32753efe6253d02be9ca5902fb00ead372baf",
            "sha256": "0b64aa8ddeb7ede6456472d63bd5d23006d61b75f62e4e52e9b7bb01e57f8312",
            "path": "ryry/ryry_widget.py"
        },
        {
            "tlsh": "c482a448d805a421c7d2e1bc88599601ab787d1b660a2c64bdcc61bc7f842b7f1f77ed",
            "sha256": "5ab50879bcbb4b2ee56a2ce82f9e0ac1413fa303d77717f66d64ccf290cb1a32",
            "path": "ryry/ryry_webapi.py"
        },
        {
            "tlsh": "5db2a455ad699c22c787e12c68a7a15653a97c070e046c38bcdc52b81f8f5b8c2f47fe",
            "sha256": "e126810821a4984fc288cd31b38d92fd034f7798b11b1f3195155e849f187519",
            "path": "ryry/utils.py"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ryry-cli/MAL-2026-10759.json"