Malicious package

b10connoisseur (PyPI)

Malicious code in b10connoisseur (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-870
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall b10connoisseur

What this malware does

During installation, the package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-b10connoisseur

Reasons (based on the campaign):

  • exfiltration-generic

  • exfiltration-env-variables

  • The package overrides the install command in setup.py to execute malicious code during installation.

The OpenSSF Package Analysis project identified 'b10connoisseur' @ 0.12.0 (pypi) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.

Malicious versions

23 flagged
0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.12.0, 0.13.0, 0.14.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0

Indicators of compromise (SHA-256)


Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for b10connoisseur (23 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging b10connoisseur across your stack and pipelines.

  2. If you installed it — respond

    b10connoisseur is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If b10connoisseur was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks b10connoisseur before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
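
One way to do the "Find it" step by hand for Python projects, as an added example that is not part of the original advisory or any vendor tooling: it checks requirements.txt and poetry.lock text for b10connoisseur against the 23 flagged versions listed above. The function names and the sample input are constructed for illustration.

```python
import re

PACKAGE = "b10connoisseur"  # package name from this advisory
# The 23 flagged versions listed in this advisory (0.1.0-0.5.0, 0.12.0-0.14.0, 0.17.0-0.31.0)
FLAGGED = {f"0.{n}.0" for n in (1, 2, 3, 4, 5, 12, 13, 14, *range(17, 32))}
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 normalization: PyPI treats case and runs of -_. as equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (lineno, specifier, verdict) for each requirements.txt line naming the package."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = REQ_LINE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        # Drop environment markers, --hash options and line-continuation backslashes
        spec = m.group(2).split(";", 1)[0].split("--hash")[0].strip(" \\")
        pin = re.fullmatch(r"===?\s*([0-9][\w.]*)", spec)
        if pin:
            verdict = "flagged" if pin.group(1) in FLAGGED else "unlisted-version"
        else:
            verdict = "unpinned"  # bare name or range: the resolver may pick a flagged release
        findings.append((lineno, spec, verdict))
    return findings

def scan_poetry_lock(text):
    """Return (version, verdict) for each [[package]] entry naming the package."""
    findings = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version and normalize(name.group(1)) == PACKAGE:
            v = version.group(1)
            findings.append((v, "flagged" if v in FLAGGED else "unlisted-version"))
    return findings

# Constructed sample input, not taken from a real project
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
B10Connoisseur==0.12.0 \\
    --hash=sha256:<placeholder>
b10connoisseur>=0.5  # range
b10connoisseur==0.6.0
"""
if __name__ == "__main__":
    print(scan_requirements(SAMPLE_REQUIREMENTS))
```

Any hit, including "unpinned" and "unlisted-version", warrants the response in step 2, since the package itself is classified as malicious.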

Frequently asked questions

No. b10connoisseur on PyPI has been identified as a malicious package (versions 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.12.0, 0.13.0, 0.14.0, and 15 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-02-b10connoisseur, RLMA-2026-00132, RLUA-2026-01677

Credits

  • Kamil Mańkowski (kam193) · analyst
  • OpenSSF: Package Analysis · finder
  • ReversingLabs · finder

Detect & block this

O3 blocks b10connoisseur-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.
