-= Per source details. Do not edit below this line.=-
During import, the package starts a reverse shell
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-anthropy
Reasons (based on the campaign):
{
"iocs": {
"domains": [
"dns.subtrace.xyz",
"subtrace.xyz"
],
"ips": [
"54.176.251.240"
]
},
"malicious-packages-origins": [
{
"versions": [
"0.0.6"
],
"id": "pypi/2026-06-anthropy/xfoofoox",
"modified_time": "2026-06-08T22:31:36.219895Z",
"import_time": "2026-06-08T23:01:22.272011201Z",
"sha256": "94e46dfacc8ffb015e2258d96dedda0eebb7118144ace7021794c88b319ade14",
"source": "kam193"
}
]
}