Malicious package: anthropy (PyPI)

Malicious code in anthropy (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-5273
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall anthropy

What this malware does

The package anthropy is a one-character typosquat of the legitimate anthropic PyPI SDK. The sole module anthropy.py executes a classic Python reverse shell at import time: it opens a TCP socket to 54.176.251.240:9001, duplicates the socket file descriptor over stdin/stdout/stderr, and spawns an interactive sh via pty.spawn. The same payload also fires when the anthropy console script declared in pyproject.toml is invoked. The package ships no API surface matching its name (project summary is just 'hello world') — its only behavior is the reverse shell. Any developer who mistypes pip install anthropic and then imports the package, or runs the installed CLI, hands an interactive shell on their machine to the operator of 54.176.251.240.
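A check written for this advisory (not the advisory's own tooling) that finds the typosquat by PEP 503-normalized name in requirements-style text and in the installed distributions of the current interpreter, and compares downloaded artifacts against the SHA-256 indicators listed below. The name, flagged versions and hashes are taken from this page; the sample requirements text in the comments is constructed.

```python
"""Find the anthropy typosquat in requirement files, installed packages and artifacts."""
import hashlib
import re
from importlib import metadata
from pathlib import Path

# Values from the advisory: typosquat name, flagged releases and IoC hashes.
MALICIOUS_NAME = "anthropy"
FLAGGED_VERSIONS = {"0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.0.5", "0.0.6"}
IOC_SHA256 = {
    "4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854",
    "cf774c2d1d55008cff219c973440ec6636c8191921995c31009b9cb114acf477",
    "8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2",
}

def normalize(name: str) -> str:
    """PEP 503 normalization so 'Anthropy' and 'anthropy' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_hits(text: str) -> list:
    """(name, version) pairs naming the typosquat, e.g. for constructed input
    'anthropic==0.30.0\\nAnthropy == 0.0.3'. Version is '' when unpinned; any
    version is a hit, since every release of the package is malicious."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip options like -r/-e
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([^\s;]+))?", line)
        if m and normalize(m.group(1)) == MALICIOUS_NAME:
            hits.append((m.group(1), m.group(2) or ""))
    return hits

def installed_hits() -> list:
    """(name, version) for installed distributions matching the typosquat."""
    return [(d.metadata.get("Name") or "", d.version)
            for d in metadata.distributions()
            if normalize(d.metadata.get("Name") or "") == MALICIOUS_NAME]

def sha256_matches(data: bytes) -> bool:
    """True when the SHA-256 of data is one of the advisory's IoC hashes."""
    return hashlib.sha256(data).hexdigest() in IOC_SHA256

def artifact_hits(paths) -> list:
    """Paths of downloaded wheels/sdists whose SHA-256 is a known IoC."""
    return [str(p) for p in map(Path, paths) if sha256_matches(p.read_bytes())]
```

Run `requirement_hits` over each lockfile or requirements file in the build, and `artifact_hits` over a pip download cache, before deciding which hosts need credential rotation.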

During import, the package starts a reverse shell

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-anthropy

Reasons (based on the campaign):

  • The package contains code to create a reverse shell, allowing an attacker to execute any commands on the victim's machine.

Malicious versions

6 flagged: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6

Indicators of compromise (SHA-256)

4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854
cf774c2d1d55008cff219c973440ec6636c8191921995c31009b9cb114acf477
8fa5e8904e682bfc10273961eb25b914c8d79b89e2a6c923c32bb9b3233d41c2

Frequently asked questions

No. anthropy on PyPI has been identified as a malicious package (versions 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-06-anthropy
IN-MAL-2026-005446

Credits

  • Amazon Inspector · finder
  • Kamil Mańkowski (kam193) · reporter

anthropy (PyPI) malicious package — MAL-2026-5273 | O3 Security