Malicious package: cipherflow (PyPI)

Malicious code in cipherflow (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-5839
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall cipherflow

What this malware does

cipherflow advertises itself as a zero-dependency pure-Python AES/DES library, but cipherflow/_environ.py contains a multi-layer-obfuscated payload that is decoded and passed directly to exec(). The blob is base85-decoded, XOR'd against a 32-byte key, then zlib-decompressed before being executed: exec(zlib.decompress(bytes(__[i]^_[i%len(_)] for i in range(len(__)))).decode()) with __ = base64.b85decode(b'MJ*(r4W!?y...'). This payload is exposed via cipherflow.setup_env() (declared in __all__), whose docstring translates to 'download and execute external environment'. The function is not mentioned anywhere in the README/PKG-INFO. The combination of triple-stacked encoding (base85 + XOR + zlib) terminating in exec(), placement inside a cover-named module (_environ.py / setup_env), and intentional omission from the documentation are canonical signals of hidden malicious code execution. Any consumer who imports cipherflow and invokes setup_env() — or any downstream code that does so — runs whatever bytes the author chose to hide, with full process privileges.
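As an added illustration (not code from the advisory or from the package), the Python below does two things a defender wants here: it statically flags an exec()/eval() fed by the stacked decode-XOR-decompress chain described above, and it unpacks such a blob offline so the hidden code can be read instead of run. SAMPLE_SOURCE is a constructed stand-in for the pattern, not the real _environ.py; the key, placeholder blob and function names are assumptions.

```python
import ast
import base64
import zlib

# Constructed stand-in for the described pattern (base85 -> XOR -> zlib -> exec), not the real file.
SAMPLE_SOURCE = '''
import base64, zlib
_ = b"0123456789abcdef0123456789abcdef"
__ = base64.b85decode(b"<placeholder blob>")
exec(zlib.decompress(bytes(__[i]^_[i%len(_)] for i in range(len(__)))).decode())
'''
DECODE_NAMES = {"b85decode", "b64decode", "a85decode", "decompress"}

def _callee_name(node: ast.Call) -> str:
    """Bare function name of a call: zlib.decompress(...) -> 'decompress'."""
    f = node.func
    if isinstance(f, ast.Attribute):
        return f.attr
    return f.id if isinstance(f, ast.Name) else ""

def find_stacked_exec(source: str) -> list:
    """Flag exec()/eval() fed by two or more decoding layers (base85/base64, zlib, XOR),
    either inline or through a variable that was staged from such a decoding call."""
    tree = ast.parse(source)
    staged = {}  # variable name -> decoding call it was assigned from
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            name = _callee_name(node.value)
            if name in DECODE_NAMES:
                staged.update({t.id: name for t in node.targets if isinstance(t, ast.Name)})
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _callee_name(node) in ("exec", "eval")):
            continue
        layers = set()
        for sub in ast.walk(node):  # everything inside the exec() argument
            if isinstance(sub, ast.Call) and _callee_name(sub) in DECODE_NAMES:
                layers.add(_callee_name(sub))
            elif isinstance(sub, ast.BinOp) and isinstance(sub.op, ast.BitXor):
                layers.add("xor")
            elif isinstance(sub, ast.Name) and sub.id in staged:
                layers.add(staged[sub.id])
        if len(layers) >= 2:
            hits.append((node.lineno, sorted(layers)))
    return hits

def decode_payload(blob_b85: bytes, key: bytes) -> str:
    """Reverse base85 -> XOR -> zlib offline: the exec() argument from the page, minus exec()."""
    raw = base64.b85decode(blob_b85)
    unxored = bytes(raw[i] ^ key[i % len(key)] for i in range(len(raw)))
    return zlib.decompress(unxored).decode()
```

Run find_stacked_exec over every .py file in a site-packages tree to triage; decode_payload is for reading a flagged blob in a sandboxed analysis environment, never for running it.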

The package contains obfuscated code to download executables from a typosquatted domain.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-cipherflow

Reasons (based on the campaign):

  • obfuscation

  • Downloads and executes a remote executable.

Malicious versions

4 flagged: 0.1.0, 0.1.1, 0.1.2, 0.1.3

Indicators of compromise (SHA-256)

281ede3c5b3181c2df22a4b32a01453a51ac389a1dfe8bde69d53821cbaf20d4
31690b7dc2576fb3dfe0aae6a5e1893ccd766d080c44dd7fa5e38f4904f809aa
c5572ca4917ed5ce72dfcb7d82abb3a085cdaed9f1992463800826bc18249f91

Frequently asked questions

No. cipherflow on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-006721
  • IN-MAL-2026-006720
  • 2026-06-cipherflow


Credits

  • Amazon Inspector · finder
  • Kamil Mańkowski (kam193) · analyst

cipherflow (PyPI) malicious package — MAL-2026-5839 | O3 Security