-= Per source details. Do not edit below this line.=-
During installation the package downloads and installs two executables identified as backdoors trojans.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-03-thisismytest123
Reasons (based on the campaign):
Downloads and executes a remote executable.
backdoor
malware
The OpenSSF Package Analysis project identified 'iwantsafecheckit' @ 2.0.0 (pypi) as malicious.
It is considered malicious because:
{
"iocs": {
"urls": [
"http://8.217.174.149:8888/supershell/compile/download/java",
"https://shim.oss-cn-hongkong.aliyuncs.com/shim",
"https://shim.oss-cn-hongkong.aliyuncs.com/shim.conf"
]
},
"malicious-packages-origins": [
{
"versions": [
"2.0.0"
],
"sha256": "c982c88e841ae349f894f45b27e07f7154a252963ec05ff8e9536f46102e6ecf",
"import_time": "2026-03-29T14:15:26.489189423Z",
"modified_time": "2026-03-29T13:35:48.567367Z",
"id": "pypi/2026-03-thisismytest123/iwantsafecheckit",
"source": "kam193"
},
{
"sha256": "388915d99ad3e370a59631112b6a0b784801e257e13f0f9855a2a340c4f068f0",
"import_time": "2026-03-29T22:10:45.900222856Z",
"modified_time": "2026-03-29T13:31:21Z",
"source": "ossf-package-analysis",
"versions": [
"2.0.0"
]
}
]
}