Which versions of ark-vmp-reverse are malicious?

The following PyPI versions of ark-vmp-reverse are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate ark-vmp-reverse if I installed it?

ark-vmp-reverse is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed ark-vmp-reverse — how do I know if it already compromised me?

If ark-vmp-reverse was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is ark-vmp-reverse part of a known attack campaign?

Yes — ark-vmp-reverse is associated with the RLMA-2025-02556, 2025-04-byted-torch-monitor, RLUA-2026-00074 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find ark-vmp-reverse across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for ark-vmp-reverse (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging ark-vmp-reverse across your stack and pipelines.

Malicious package

ark-vmp-reversePyPI

Malicious code in ark-vmp-reverse (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-4206

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall ark-vmp-reverse

What this malware does

During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably not in the control of the uploader. The package has no other purpose

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2025-04-byted-torch-monitor

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

8fdbaf1183edd2954426713803e533cf0ab20bac3982d9e23d8191909f8bdd1f

90046ff5f3c41eb4975fed4ccfe40f87acc4496d0b88ca6f749f37749dec6cca

28ac22df743a6a65eed4d1d25f66c0f3eb42c5235dc749a84162883d313bd415

ed38c839c742bd7cde749dbf44910608fc162c878d91a8bbdc78d589c567e441

fa12970817df799142da7df6b257219e823c53f222cdea818d32b624cdbcc34d

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for ark-vmp-reverse (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging ark-vmp-reverse across your stack and pipelines.
If you installed it — respond
ark-vmp-reverse is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If ark-vmp-reverse was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks ark-vmp-reverse before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. ark-vmp-reverse on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-025562025-04-byted-torch-monitorRLUA-2026-00074

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks ark-vmp-reverse-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring