proxy-check-iPyPI
Malicious code in proxy-check-i (PyPI) Remove it immediately and rotate any exposed credentials.
What this malware does
The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator persistent shell, exec, pty, and TCP port-forwarding on the installer's host. The entry point proxy-check-i (declared in the package's console_scripts, mapped to qsshd.launcher:main) uses os.execv to launch the bundled Go binary. The daemon establishes device identity by writing a .device_lock file under $XDG_CONFIG_HOME, /dev/shm, or /tmp, then repeatedly dials out to a relay via github.com/mydearniko/overthing (tunnel.NewServer with RelayURI and ForwardAddr pointing at the local SSH listener). SSH authentication only accepts a single hardcoded ed25519 public key embedded at build time via //go:embed authorized_keys, so only the key holder can connect. The reverse-connect design bypasses inbound firewalls. PyPI metadata is a cover story: PKG-INFO summary mentions only 'qsshd executable' with no README and no disclosure of SSH-server, authorized-keys, or outbound-relay behavior, so an installer cannot infer they are enabling a remote-shell daemon. Any host that runs proxy-check-i is remotely controllable by the key holder.
Malicious versions
Indicators of compromise (SHA-256)
Detection & response playbook
Malicious packageFind it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for proxy-check-i (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging proxy-check-i across your stack and pipelines.
If you installed it — respond
Remove proxy-check-i from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If proxy-check-i was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks proxy-check-i before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
Frequently asked questions
Campaign
References
Credits
- Amazon Inspector · finder
Detect & block this
O3 blocks proxy-check-i-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.