Which versions of code-suggester are malicious?

The following PyPI versions of code-suggester are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate code-suggester if I installed it?

code-suggester is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed code-suggester — how do I know if it already compromised me?

If code-suggester was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is code-suggester part of a known attack campaign?

Yes — code-suggester is associated with the RLMA-2025-00447, 2024-12-langer-updater, RLUA-2026-00201 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find code-suggester across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for code-suggester (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging code-suggester across your stack and pipelines.

Malicious package

code-suggesterPyPI

Malicious code in code-suggester (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-909

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall code-suggester

What this malware does

During installation, the package collects quite extensive information about the host and has no other purpose. To avoid detection, the real code is put in a ZIP archive and includes also some VM-detection techniques. The malicious code is activated via metaclass set for the "install" command class in setup.py

Over the time, techniques used in packages are slightly changing, including that some of marked packages don't have malicious part, but rather are used only for tests.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-langer-updater

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
exfiltration-env-variables
The package contains code to detect if it is running in a sandbox environment.

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

737bf20c94c575781b4079ba957d10c5f7318d0cc5354be50b8d9e93dac96539

a8b4769efe93b713fa5a846061665f466dae9400828172841d2692a1073bbb1a

e28ce2ce1f759945a6b42ebe9f6f224869ab1f91b85212853e83a20d43a390bd

3dc84828483c5ad02170b5f1464d1467d826efc11191d4b0d662c7d62cbd5f2b

c579b8091fa84cc2f962f0d3f87f359e483f814bcaf925a9df9b790618852e69

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for code-suggester (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging code-suggester across your stack and pipelines.
If you installed it — respond
code-suggester is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If code-suggester was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks code-suggester before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. code-suggester on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-004472024-12-langer-updaterRLUA-2026-00201

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks code-suggester-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring