{"id":"MAL-2026-7023","summary":"Malicious code in dbzy-tools (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (a0432a46ed92acb897826fc16d26cba900bd3d18f0de5baa7f2909a44d9ec625)\nThe package advertises itself as a network debugging tool but its CLI and modules compose a remote-access toolkit. The `dbzy-tools` console entry calls `core.start(config_url)` which fetches JSON from a caller-supplied URL via urllib, base64-decodes the `payload` field, and passes it to `exec()` with no integrity check — arbitrary Python code from an arbitrary URL runs in the invoking user's context. `server.py` implements a paramiko-based SSH server that binds 0.0.0.0:2222, accepts hardcoded default credentials `root`/`password`, and spawns `/bin/bash -i` as an interactive pty for each authenticated session; paramiko is auto-installed via `pip install` at first import. `frpc.py` downloads an frpc reverse-proxy binary from a caller-supplied URL via `curl`, chmods it 0755, writes a config that tunnels a local port to an operator-chosen remote frps server, and launches it — providing a NAT-piercing path back to the SSH shell. The combination of remote-payload exec, listening SSH-to-bash bridge with default creds, and outbound reverse tunnel is a complete backdoor/RAT toolkit packaged under a benign cover.\n","modified":"2026-07-08T21:46:43.602524194Z","published":"2026-07-08T21:19:06Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-008612","import_time":"2026-07-08T21:27:50.236227047Z","modified_time":"2026-07-08T21:19:06Z","sha256":"a0432a46ed92acb897826fc16d26cba900bd3d18f0de5baa7f2909a44d9ec625","source":"amazon-inspector","versions":["1.0.1"]}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/dbzy-tools/1.0.1/"}],"affected":[{"package":{"name":"dbzy-tools","ecosystem":"PyPI","purl":"pkg:pypi/dbzy-tools"},"versions":["1.0.1"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"evidence_files":[{"path":"src/doubao_sandbox/core.py","sha256":"7f2dc81d64de12cfe2e56bf58940d53f9aee8214157d706b77d8950acf86c19d","tlsh":"0001dcc7c40ecc4391a82c06c6a6eab4ee167b9339629d763d54f3e8ab60522d42000a"},{"sha256":"1fb3103a38a5bcd128c07598a39a8f23a98e63464453d956295bd7549169e328","tlsh":"4b610e82dc265c519073c77c8506d621e36a8743ba3b0c177abcdb483f7ed628590eab","path":"src/doubao_sandbox/server.py"},{"tlsh":"35410146cc9f4c0388f9cc5df96b4199fa4d4e1b056b2811386c62a8af78475c1d1c7b","path":"src/doubao_sandbox/frpc.py","sha256":"9df3f915ad5b67abbbd3dcda2938223bf7f32a24bc320e1bd296953ceb75d9a6"}],"package_integrity":[{"filename":"dbzy_tools-1.0.1-py3-none-any.whl","hashes":{"blake2b_256":"91a8bc55c2be9223e8ff7af5124c137aafa2992e636a1eb0c15f02c0bf17f1a8","md5":"97a06a8e07d7e3d991026506a9ff921d","sha256":"381ce565e6b1a2a5bc6ae442554f385ab0019897ee8aef03bfcd58a2a7c37d77"}},{"filename":"dbzy_tools-1.0.1.tar.gz","hashes":{"sha256":"0bf7c522cf982dbe46fafa94f5431a0630026d6487efe7d28ff17fe36b7c3f6f","blake2b_256":"d130f1d3997e24d2f976ad2ff375d192e84a132c6b10653dd368e22c51a183dd","md5":"1ff9f68f37d79d7749860645d71cf847"}}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/dbzy-tools/MAL-2026-7023.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}