Which versions of aliyun-ai-labs-snippets-sdk are malicious?

The following PyPI versions of aliyun-ai-labs-snippets-sdk are flagged malicious: 1.0.0, 2.0.0, 2.1.0. Treat any of these as compromised.

How do I remediate aliyun-ai-labs-snippets-sdk if I installed it?

aliyun-ai-labs-snippets-sdk is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed aliyun-ai-labs-snippets-sdk — how do I know if it already compromised me?

If aliyun-ai-labs-snippets-sdk was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is aliyun-ai-labs-snippets-sdk part of a known attack campaign?

Yes — aliyun-ai-labs-snippets-sdk is associated with the RLMA-2025-02993, 2025-05-ai-labs-snippets-sdk, RLUA-2025-06552, RLUA-2026-00057 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find aliyun-ai-labs-snippets-sdk across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for aliyun-ai-labs-snippets-sdk (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging aliyun-ai-labs-snippets-sdk across your stack and pipelines.

Malicious package

aliyun-ai-labs-snippets-sdkPyPI

Malicious code in aliyun-ai-labs-snippets-sdk (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-5096

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall aliyun-ai-labs-snippets-sdk

What this malware does

During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data (basic IP/username info, as well as .gitconfig) to a remote target.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-05-ai-labs-snippets-sdk

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
exfiltration-generic
impersonation

Malicious versions

3 flagged

1.0.02.0.02.1.0

Indicators of compromise (SHA-256)

09496bdfd919482ae61650986520dcddefcc4bfb59d096a3d08b9d8d87201570

8d5c6c189f541e861379203e450c284ab9d8fa81eccaeb03d8abad076e8f1954

459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac

c0224ee10c119727e17c4442ea2e501218589bcfd621e195ed4d4fa011d7dbac

5ef61ced1119a091ad615414ea163fd85456d449b612e8c5508da1cff9796669

f082f98216f081d7b498cd2dbd7df7e333e2ba9acd6cc8bfa12e488bcc4507c3

9c1355c281750ba7eb9c46080699ee679876c5df96ef500060960a79f39d7d03

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for aliyun-ai-labs-snippets-sdk (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging aliyun-ai-labs-snippets-sdk across your stack and pipelines.
If you installed it — respond
aliyun-ai-labs-snippets-sdk is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If aliyun-ai-labs-snippets-sdk was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks aliyun-ai-labs-snippets-sdk before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. aliyun-ai-labs-snippets-sdk on PyPI has been identified as a malicious package (versions 1.0.0, 2.0.0, 2.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-029932025-05-ai-labs-snippets-sdkRLUA-2025-06552RLUA-2026-00057

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks aliyun-ai-labs-snippets-sdk-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring