Which versions of anrok are malicious?

The following PyPI versions of anrok are flagged malicious: 0.1.1. Treat any of these as compromised.

How do I remediate anrok if I installed it?

anrok is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed anrok — how do I know if it already compromised me?

If anrok was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is anrok part of a known attack campaign?

Yes — anrok is associated with the RLMA-2025-04744, 2025-08-k7eel, RLUA-2026-00068 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find anrok across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for anrok (version 0.1.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging anrok across your stack and pipelines.

Malicious package

anrokPyPI

Malicious code in anrok (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-47745

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall anrok

What this malware does

Importing the module downloads and executes widely recognized malware

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-k7eel

Reasons (based on the campaign):

Downloads and executes a remote executable.
malware

Malicious versions

1 flagged

0.1.1

Indicators of compromise (SHA-256)

f2f8780d3bdb47a9c1beaf2b24572c01ba3999f8739424b36bf9e2731018159a

b3aaa66c1fa59cf40f71860132d36ecbde83fcd80b09581b25421ea6c68317be

b5854a1605e38893db27e5a757ab744d3d53f0a203b59a70faf53545636d7fca

a6824b071cf7dde643ffd500c8928cab34f81033e0505dcae2dbb4693abac77d

9db3f0838b31b584b5296822377bf4e44fe2febc7cdebde922cc24721bd1422b

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for anrok (version 0.1.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging anrok across your stack and pipelines.
If you installed it — respond
anrok is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If anrok was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks anrok before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. anrok on PyPI has been identified as a malicious package (version 0.1.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-047442025-08-k7eelRLUA-2026-00068

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks anrok-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring