Which versions of bbllaacckkwwoollff are malicious?

The following PyPI versions of bbllaacckkwwoollff are flagged malicious: 0.1, 0.2, 0.3, 0.4. Treat any of these as compromised.

How do I remediate bbllaacckkwwoollff if I installed it?

bbllaacckkwwoollff is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed bbllaacckkwwoollff — how do I know if it already compromised me?

If bbllaacckkwwoollff was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is bbllaacckkwwoollff part of a known attack campaign?

Yes — bbllaacckkwwoollff is associated with the RLMA-2025-02489, 2025-03-blackwolf, RLUA-2026-00136 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find bbllaacckkwwoollff across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for bbllaacckkwwoollff (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bbllaacckkwwoollff across your stack and pipelines.

Malicious package

bbllaacckkwwoollffPyPI

Malicious code in bbllaacckkwwoollff (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-3430

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall bbllaacckkwwoollff

What this malware does

During installation, the code either exfiltrate some information about the system or download and execute remote code

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-03-blackwolf

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
exfiltration-generic
Downloads and executes a remote malicious script.

Malicious versions

4 flagged

0.10.20.30.4

Indicators of compromise (SHA-256)

4a6099a0ccf7b1beb4b9c3421574e9a0180f59097a978b3f9a976c9f83776498

acf485ec63821cd26268e780163b40867ac872945515407742bbaf91f33e989f

2507dd4c5b3b3c1fae3213243ff0a27b71955dfbb39069f677660e025ac08f0d

97c3dfb5dab9bacdc7c30ccbb4100b27ff529ea9d345498d7ab464fa8c0d7614

9e421c9f77c2db3e14f7decf94913607a81b71b2b8a4016fc0344c9521d5f302

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for bbllaacckkwwoollff (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bbllaacckkwwoollff across your stack and pipelines.
If you installed it — respond
bbllaacckkwwoollff is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If bbllaacckkwwoollff was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks bbllaacckkwwoollff before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. bbllaacckkwwoollff on PyPI has been identified as a malicious package (versions 0.1, 0.2, 0.3, 0.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-024892025-03-blackwolfRLUA-2026-00136

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks bbllaacckkwwoollff-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring