MAL-2026-4772
Vulnerability from ossf_malicious_packages
Published
2026-05-20 17:54
Modified
2026-05-20 17:54
Summary
Malicious code in txdpy (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (767f0e720df9d2dd670fc9c607db01794649653be89daa42f01dfe34a69a8ecd)

The package exports a 发送邮件 (send_email) function whose default sender, recipient, and SMTP auth code are hardcoded to the author's QQ account. In txdpy/发送邮件.py lines 14-17, sender_email defaults to '3215176932@qq.com', receiver_email defaults to 'xdsndy@qq.com', and password defaults to the embedded QQ SMTP authorization code. A caller invoking this documented API with the minimal signature (subject and body only) silently delivers their message content to the author's inbox via smtp.qq.com using the author's credentials — the API's advertised purpose (generic email sending) does not match its actual behavior (relaying to a fixed author-controlled mailbox). The function is re-exported from __init__.py, making it part of the package's public surface. Additionally, txdpy/翻译.py:18-20 ships the author's Baidu Translate API credentials (appid 20220712001270949 + secret_key) — author self-harm rather than installer harm, but corroborates a pattern of careless credential handling. A separate quality issue: pyndjs.py:74 evaluates os.popen('where node') as a function default argument, causing shell execution at import time.
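A defender-side static check for the two patterns the finding describes (a call expression evaluated as a function default at import time, and credential-looking string defaults such as e-mail addresses or a literal `password`), added here as an example; it is not code from the txdpy package or from Amazon Inspector, and the SAMPLE source is a constructed stand-in with placeholder values that is parsed but never executed.

```python
import ast
import re

# Constructed sample mirroring the advisory's description (placeholder values,
# not the real package source). It is only parsed, so os.popen never runs here.
SAMPLE = '''
import os
def send_email(subject, body, sender_email='sender@example.com',
               receiver_email='author@example.com', password='authcode-placeholder'):
    pass
def run_js(src, node_path=os.popen('where node').read().strip()):
    pass
def safe(subject, body, sender_email=None, password=None):
    pass
'''

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)
SECRET_NAMES = ("password", "passwd", "secret", "token", "auth", "api_key", "appid")

def scan_defaults(source: str) -> list[dict]:
    """Return one finding per suspicious default argument in the given source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        # Positional defaults align with the tail of the positional parameter list.
        pos = args.posonlyargs + args.args
        pairs = list(zip(pos[len(pos) - len(args.defaults):], args.defaults))
        pairs += [(a, d) for a, d in zip(args.kwonlyargs, args.kw_defaults) if d is not None]
        for arg, default in pairs:
            if any(isinstance(n, ast.Call) for n in ast.walk(default)):
                # Evaluated once, when the module is imported (e.g. os.popen(...)).
                findings.append({"func": node.name, "param": arg.arg,
                                 "kind": "call-in-default", "line": default.lineno})
            elif isinstance(default, ast.Constant) and isinstance(default.value, str):
                if EMAIL_RE.match(default.value) or any(k in arg.arg.lower() for k in SECRET_NAMES):
                    findings.append({"func": node.name, "param": arg.arg,
                                     "kind": "hardcoded-credential", "line": default.lineno})
    return findings

if __name__ == "__main__":
    for finding in scan_defaults(SAMPLE):
        print(finding)
```

Run it over each `.py` file of an unpacked wheel or sdist before installing; a hit on `call-in-default` means code executes merely by importing the module.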

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits
Amazon Inspector actran@amazon.com

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "txdpy/\u53d1\u9001\u90ae\u4ef6.py",
              "sha256": "af4d7a0b645703f9d8a60f2363cf33d78c31e6f03348966f0b382b2320ae3af4",
              "tlsh": "f5219c056e9b2caf21fae187f416a404eadc10032a385664f4186e1e3f3be1722517ba"
            },
            {
              "path": "txdpy/\u7ffb\u8bd1.py",
              "sha256": "38d29739be980985a1d2d86945efb0d81936054d3865706adcbcb84fb8ba6094",
              "tlsh": "1c118c219c26600590b1d52e62d67c14d03fe5025bd86f377b5dd51b1f7315939f8a4c"
            },
            {
              "path": "txdpy/pyndjs.py",
              "sha256": "3232898209de9a56fc49e0c1c73dc0d9f0fd920e1a3bb95505f98e924ece09e6",
              "tlsh": "54c1a6057c663a2481b3ba251847090ae17d6bb388e870e9fbddc1e11f75c18427af7e"
            }
          ],
          "package_integrity": [
            {
              "filename": "txdpy-2026.5-py3-none-any.whl",
              "hashes": {
                "blake2b_256": "a4c00487cef669b5d71f50705b094932779228aead9662334183d583c8f4493e",
                "md5": "26e1296dae3ecf1d0ca83bb8dd425faf",
                "sha256": "d15e1268b13116f914a1ce91610d8530bf1a2cac4ea364c139b5be7aba6ea920"
              }
            },
            {
              "filename": "txdpy-2026.5.tar.gz",
              "hashes": {
                "blake2b_256": "f2df556a3161181a4fb17421b7427a4489056d819bd11d477c3b5b3f67ab2dda",
                "md5": "355f8d80f4729bd1327b9797430bc945",
                "sha256": "f71b126a57a49ac63ee86dde08d976d659a4ddfdb00fa149a406eaeff3ae6fba"
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "txdpy"
      },
      "versions": [
        "2026.5"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-003581",
        "import_time": "2026-05-26T05:50:54.073724066Z",
        "modified_time": "2026-05-20T17:54:34Z",
        "sha256": "767f0e720df9d2dd670fc9c607db01794649653be89daa42f01dfe34a69a8ecd",
        "source": "amazon-inspector",
        "versions": [
          "2026.5"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (767f0e720df9d2dd670fc9c607db01794649653be89daa42f01dfe34a69a8ecd)\nThe package exports a \u53d1\u9001\u90ae\u4ef6 (send_email) function whose default sender, recipient, and SMTP auth code are hardcoded to the author\u0027s QQ account. In txdpy/\u53d1\u9001\u90ae\u4ef6.py lines 14-17, sender_email defaults to \u00273215176932@qq.com\u0027, receiver_email defaults to \u0027xdsndy@qq.com\u0027, and password defaults to the embedded QQ SMTP authorization code. A caller invoking this documented API with the minimal signature (subject and body only) silently delivers their message content to the author\u0027s inbox via smtp.qq.com using the author\u0027s credentials \u2014 the API\u0027s advertised purpose (generic email sending) does not match its actual behavior (relaying to a fixed author-controlled mailbox). The function is re-exported from __init__.py, making it part of the package\u0027s public surface. Additionally, txdpy/\u7ffb\u8bd1.py:18-20 ships the author\u0027s Baidu Translate API credentials (appid 20220712001270949 + secret_key) \u2014 author self-harm rather than installer harm, but corroborates a pattern of careless credential handling. A separate quality issue: pyndjs.py:74 evaluates os.popen(\u0027where node\u0027) as a function default argument, causing shell execution at import time.\n",
  "id": "MAL-2026-4772",
  "modified": "2026-05-20T17:54:34Z",
  "published": "2026-05-20T17:54:34Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/txdpy/2026.5/"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in txdpy (PyPI)"
}