Which versions of asyncaiosignal are malicious?

The following PyPI versions of asyncaiosignal are flagged malicious: 0.3, 0.4, 0.5. Treat any of these as compromised.

How do I remediate asyncaiosignal if I installed it?

asyncaiosignal is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed asyncaiosignal — how do I know if it already compromised me?

If asyncaiosignal was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is asyncaiosignal part of a known attack campaign?

Yes — asyncaiosignal is associated with the RLMA-2025-01935, RLUA-2025-03520, 2025-02-multis, RLUA-2026-00087 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find asyncaiosignal across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for asyncaiosignal (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging asyncaiosignal across your stack and pipelines.

Malicious package

asyncaiosignalPyPI

Malicious code in asyncaiosignal (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-2937

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall asyncaiosignal

What this malware does

Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different innocent-looking names.

The campaign contains the with Infostealer itself and packages that include it as dependency and triggered.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-02-multis

Reasons (based on the campaign):

infostealer
The malicious code is intentionally included in a dependency of the package

Malicious versions

3 flagged

0.30.40.5

Indicators of compromise (SHA-256)

8875ab520fc8d915df5e087e3a6fae32577d4f55fd29a4135b77385dee479803

90c33ea036403342d65e0fa88616e1475f0b1d156f67adf68c2c852718f8b6a3

4764075428147bbedb89129b6391d245116558d32ce9034d18b6be25658b336f

8c9a16c81ad4cb5cef1907d6b9e4b5b352d53a6918e702610b428a455e799a2f

36ee57298770fd4e3082a3351d218982879ecc5b55de6c7f9c01c5a497716799

166ec74bed9be4b56633666a729febe046b60bd4ea62392c1c86f54e1de1d00a

aefd3c2d8099c71184bfb10e638d91d3b7f31a20a2e5e1b8c37092b23e6119d5

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for asyncaiosignal (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging asyncaiosignal across your stack and pipelines.
If you installed it — respond
asyncaiosignal is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If asyncaiosignal was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks asyncaiosignal before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. asyncaiosignal on PyPI has been identified as a malicious package (versions 0.3, 0.4, 0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-01935RLUA-2025-035202025-02-multisRLUA-2026-00087

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks asyncaiosignal-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring