Malicious package

ai-labs-snippets-sdk (PyPI)

Malicious code in ai-labs-snippets-sdk (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2025-5094
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall ai-labs-snippets-sdk

What this malware does

On import, it loads a file that pretends to be an AI model. This file contains pickle-serialized code that exfiltrates data (basic IP/username info, as well as .gitconfig) to a remote target.
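
One way to triage a suspect "model" file without loading it, as an added example that is not part of the original advisory: list the imports a pickle stream would perform and flag anything outside an allowlist. The allowlist contents, the function names and the sample blobs are assumptions constructed for illustration.

```python
import pickle
import pickletools

# Assumption: top-level modules a legitimate model file may import; tune per project.
ALLOWED_MODULES = {"collections", "numpy", "torch"}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_imports(data: bytes):
    """List (module, name) pairs a pickle stream would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")  # arg is "module name"
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Module and name are taken from the stack. Approximate them with the
            # last two strings pushed; names fetched via the memo stay unresolved.
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
            else:
                found.append(("<unresolved>", "<unresolved>"))
    return found


def suspicious_imports(data: bytes):
    """Imports whose top-level module is not on the allowlist."""
    return [(m, n) for m, n in pickle_imports(data)
            if m.split(".")[0] not in ALLOWED_MODULES]


class _ConstructedSample:
    """Constructed, harmless stand-in: its pickle references builtins.print."""
    def __reduce__(self):
        return (print, ("constructed sample",))


# Constructed sample blobs; they are only scanned here, never unpickled.
CLEAN = pickle.dumps({"weights": [0.1, 0.2]})
FLAGGED_P3 = pickle.dumps(_ConstructedSample(), protocol=3)  # GLOBAL opcode
FLAGGED_P4 = pickle.dumps(_ConstructedSample(), protocol=4)  # STACK_GLOBAL opcode

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("p3", FLAGGED_P3), ("p4", FLAGGED_P4)):
        print(label, suspicious_imports(blob))
```

Treat any hit, or an `<unresolved>` entry, as a reason to quarantine the file; a static pass like this is a triage aid, not proof that a file is safe to load.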

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-05-ai-labs-snippets-sdk

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • exfiltration-generic

  • impersonation

Malicious versions

12 flagged
0.1.0, 1.1.0, 1.2.0, 2.0.0, 2.2.0, 3.0.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 4.0.0, 4.4.0

Indicators of compromise (SHA-256)


Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for ai-labs-snippets-sdk (12 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging ai-labs-snippets-sdk across your stack and pipelines.

  2. If you installed it — respond

    ai-labs-snippets-sdk is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If ai-labs-snippets-sdk was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks ai-labs-snippets-sdk before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. ai-labs-snippets-sdk on PyPI has been identified as a malicious package (versions 0.1.0, 1.1.0, 1.2.0, 2.0.0, 2.2.0, 3.0.0, 3.2.0, 3.3.0, and 4 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • RLMA-2025-02991
  • 2025-05-ai-labs-snippets-sdk
  • RLUA-2025-06547
  • RLUA-2026-00038

Credits

  • Kamil Mańkowski (kam193)
  • ReversingLabs · finder
