MAL-2026-7023

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dbzy-tools/MAL-2026-7023.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-7023
Published
2026-07-08T21:19:06Z
Modified
2026-07-08T21:46:53.038522712Z
Summary
Malicious code in dbzy-tools (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (a0432a46ed92acb897826fc16d26cba900bd3d18f0de5baa7f2909a44d9ec625)

The package advertises itself as a network debugging tool but its CLI and modules compose a remote-access toolkit. The dbzy-tools console entry calls core.start(config_url) which fetches JSON from a caller-supplied URL via urllib, base64-decodes the payload field, and passes it to exec() with no integrity check — arbitrary Python code from an arbitrary URL runs in the invoking user's context. server.py implements a paramiko-based SSH server that binds 0.0.0.0:2222, accepts hardcoded default credentials root/password, and spawns /bin/bash -i as an interactive pty for each authenticated session; paramiko is auto-installed via pip install at first import. frpc.py downloads an frpc reverse-proxy binary from a caller-supplied URL via curl, chmods it 0755, writes a config that tunnels a local port to an operator-chosen remote frps server, and launches it — providing a NAT-piercing path back to the SSH shell. The combination of remote-payload exec, listening SSH-to-bash bridge with default creds, and outbound reverse tunnel is a complete backdoor/RAT toolkit packaged under a benign cover.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "a0432a46ed92acb897826fc16d26cba900bd3d18f0de5baa7f2909a44d9ec625",
            "id": "IN-MAL-2026-008612",
            "source": "amazon-inspector",
            "import_time": "2026-07-08T21:27:50.236227047Z",
            "modified_time": "2026-07-08T21:19:06Z",
            "versions": [
                "1.0.1"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / dbzy-tools

Package

Affected ranges

Affected versions

1.*
1.0.1

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "dbzy_tools-1.0.1-py3-none-any.whl",
            "hashes": {
                "md5": "97a06a8e07d7e3d991026506a9ff921d",
                "blake2b_256": "91a8bc55c2be9223e8ff7af5124c137aafa2992e636a1eb0c15f02c0bf17f1a8",
                "sha256": "381ce565e6b1a2a5bc6ae442554f385ab0019897ee8aef03bfcd58a2a7c37d77"
            }
        },
        {
            "filename": "dbzy_tools-1.0.1.tar.gz",
            "hashes": {
                "md5": "1ff9f68f37d79d7749860645d71cf847",
                "blake2b_256": "d130f1d3997e24d2f976ad2ff375d192e84a132c6b10653dd368e22c51a183dd",
                "sha256": "0bf7c522cf982dbe46fafa94f5431a0630026d6487efe7d28ff17fe36b7c3f6f"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "src/doubao_sandbox/core.py",
            "tlsh": "0001dcc7c40ecc4391a82c06c6a6eab4ee167b9339629d763d54f3e8ab60522d42000a",
            "sha256": "7f2dc81d64de12cfe2e56bf58940d53f9aee8214157d706b77d8950acf86c19d"
        },
        {
            "path": "src/doubao_sandbox/server.py",
            "tlsh": "4b610e82dc265c519073c77c8506d621e36a8743ba3b0c177abcdb483f7ed628590eab",
            "sha256": "1fb3103a38a5bcd128c07598a39a8f23a98e63464453d956295bd7549169e328"
        },
        {
            "path": "src/doubao_sandbox/frpc.py",
            "tlsh": "35410146cc9f4c0388f9cc5df96b4199fa4d4e1b056b2811386c62a8af78475c1d1c7b",
            "sha256": "9df3f915ad5b67abbbd3dcda2938223bf7f32a24bc320e1bd296953ceb75d9a6"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dbzy-tools/MAL-2026-7023.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    }
]