-= Per source details. Do not edit below this line.=-
ryry-cli runs as a long-lived agent that connects to a hardcoded WebSocket at wss://api.dalipen.com/aigc/task/connect and executes Python scripts under subprocess.Popen based on task messages sent by that server. During its polling loop it calls aigc/task/getAutoDeployWidget and, for each entry the server returns, runs pip install <server-supplied URL> on arbitrary wheels or downloads a zip and installs its requirements.txt, giving the remote endpoint unattended code execution on the host. utils.checkrestart() writes a shell script that runs apt-get update && apt-get upgrade && apt-get install -y... and pip install -U ryry-cli and schedules it via at now + 1 minutes or Windows schtasks, mutating system packages and self-upgrading the CLI outside the user's package manager. taskUtils posts JSON payloads containing socket.gethostname() and a MAC/CPU-serial-derived device id, plus task log files, to a hardcoded WeChat work webhook at qyapi.weixin.qq.com/cgi-bin/webhook/send with an embedded key. A server-supplied Mihomo/Clash subscription URL fetched from aigc/task/config is applied by proxymanager to route the agent's outbound traffic through an author-controlled proxy configuration. The package also embeds base64-encoded Aliyun OSS access-key ID and secret (utils.K1/K2) that are decoded at runtime and used to PUT files to the author's p-template-hk / p-upload-gz buckets.
{
"malicious-packages-origins": [
{
"source": "amazon-inspector",
"sha256": "0f7442ffccbf15fb45fc58c95556658f0070d3f0fdb3956bb5a3afa2b0cf4be2",
"versions": [
"6.28"
],
"import_time": "2026-07-16T18:54:01.920320516Z",
"id": "IN-MAL-2026-010736",
"modified_time": "2026-07-16T18:39:47Z"
},
{
"source": "amazon-inspector",
"sha256": "4a305ba94c92b6ec62aaf627fc1213d9e37e1645f37fd033f61c7becaba71edd",
"versions": [
"6.26"
],
"import_time": "2026-07-16T18:54:03.197473131Z",
"id": "IN-MAL-2026-010761",
"modified_time": "2026-07-16T18:43:31Z"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"evidence_files": [
{
"tlsh": "83d2525194255812d2938c6f88e6a2432b377d4b9d0c2429fdfca1785f842b7d1f2fea",
"sha256": "2d8569abb9a5210a80945c175d07d107923861cde55656a6b3a887fde679f043",
"path": "ryry/ryry_server_socket.py"
},
{
"tlsh": "619284455c29842256f29f5cac168541f32753efe6253d02be9ca5902fb00ead372baf",
"sha256": "0b64aa8ddeb7ede6456472d63bd5d23006d61b75f62e4e52e9b7bb01e57f8312",
"path": "ryry/ryry_widget.py"
},
{
"tlsh": "c482a448d805a421c7d2e1bc88599601ab787d1b660a2c64bdcc61bc7f842b7f1f77ed",
"sha256": "5ab50879bcbb4b2ee56a2ce82f9e0ac1413fa303d77717f66d64ccf290cb1a32",
"path": "ryry/ryry_webapi.py"
},
{
"tlsh": "5db2a455ad699c22c787e12c68a7a15653a97c070e046c38bcdc52b81f8f5b8c2f47fe",
"sha256": "e126810821a4984fc288cd31b38d92fd034f7798b11b1f3195155e849f187519",
"path": "ryry/utils.py"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/ryry-cli/MAL-2026-10759.json"