pypi

proxy-check-ii @0.1.0

Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 3:50 AM UTC

Malicious

OSV ID

MAL-2026-10610

Ecosystem

pypi

Summary

The embedded binary starts a relayed SSH-like server using a hardcoded authorized_key. Thanks to using a relay network, the attacked does not need to directly expose ports from the machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-07-proxy-check-i Reasons (based on the campaign): - backdoor - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Source: kam193 (8a222abeb680e48d3cffbdeb7f0d6cba713b023d825b2c42c7a849b36b2fe0a5)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.