Malicious package

bytedtrace (PyPI)

Malicious code in bytedtrace (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2023-1359
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall bytedtrace

What this malware does

The OpenSSF Package Analysis project identified 'bytedtrace' @ 0.1.2 (pypi) as malicious.

It is considered malicious because:

  • The package executes one or more commands associated with malicious behavior.

Malicious versions

9 flagged
0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.8, 0.1.9

Indicators of compromise (SHA-256)


Detection & response playbook

  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for bytedtrace (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging bytedtrace across your stack and pipelines.

  2. If you installed it — respond

    Remove bytedtrace from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

  3. Did it already run?

    If bytedtrace was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks bytedtrace before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. bytedtrace on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.8, and 1 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Credits

  • OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks bytedtrace-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.
