Malicious package

databaseroboat (PyPI)

Malicious code in databaseroboat (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-2295
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall databaseroboat

What this malware does

During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap.

The campaign is built around a malicious Roblox API wrapper. The roboat[.]pro (later robase[.]app) domain advertises a wrapper that is either directly malicious (like roboat, collected in the campaign 2026-03-rowrap) or uses malicious dependencies (like roboat-utils). New versions are published simultaneously with the malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat, which references two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-roboat-addition

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote executable.

  • The malicious code is intentionally included in a dependency of the package.

  • malware

  • clones-real-package

Malicious versions

2 flagged
0.0.1, 0.0.2

Indicators of compromise (SHA-256)

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for databaseroboat (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging databaseroboat across your stack and pipelines.

  2. If you installed it — respond

    databaseroboat is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If databaseroboat was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks databaseroboat before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
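
For step 1 of the playbook above, the following added example (not O3's scanner and not code from the advisory) checks requirements.txt-style files and poetry.lock entries for databaseroboat and for the related names in the campaign description, comparing names after PEP 503 normalization. The RELATED set, the verdict labels and the sample text are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Package name and flagged versions are the ones listed in this advisory.
FLAGGED = {"databaseroboat": {"0.0.1", "0.0.2"}}
# Assumption: names from the campaign description are worth review at any version.
RELATED = {"roboat", "roboat-utils"}
# Constructed sample: requirements.txt lines followed by a poetry.lock entry.
SAMPLE = ('requests==2.31.0\nDatabaseRoboat==0.0.2\nRoboat_Utils>=1.0\n'
          '[[package]]\nname = "databaseroboat"\nversion = "0.0.1"\n')

REQ = re.compile(r"^\s*([A-Za-z0-9][\w.-]*)\s*(?:\[[^\]]*\])?\s*(?:===?\s*([\w.!+*-]+))?")
TOML_NAME = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
TOML_VERSION = re.compile(r'^\s*version\s*=\s*"([^"]+)"')

def normalize(name):
    """PEP 503: case-insensitive; runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(name, version):  # verdict label for a watchlisted name, else None
    name = normalize(name)
    if name in FLAGGED:
        return "flagged-version" if version in FLAGGED[name] else "flagged-name"
    return "campaign-related" if name in RELATED else None

def scan_text(text, source="<text>"):
    """Return (source, line, name, version, verdict) for every watchlist hit."""
    hits, pending = [], None  # pending = (name, line) of an open lock-file entry
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        if (m := TOML_NAME.match(line)):
            pending = (m.group(1), lineno)
            continue
        if pending and (m := TOML_VERSION.match(line)):
            (name, at), version, pending = pending, m.group(1), None
        elif (m := REQ.match(line)):
            name, version, at = m.group(1), m.group(2), lineno
        else:
            continue
        if (verdict := classify(name, version)):
            hits.append((source, at, normalize(name), version, verdict))
    return hits

def scan_tree(root, patterns=("requirements*.txt", "poetry.lock")):  # walk a checkout
    paths = [p for pat in patterns for p in Path(root).rglob(pat)]
    return [h for p in paths for h in scan_text(p.read_text(errors="replace"), str(p))]

if __name__ == "__main__":
    print(*scan_tree("."), sep="\n")
```

A "flagged-name" verdict means the name matched without one of the two listed versions pinned; the advisory treats the whole package as malicious, so it still needs removal.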

Frequently asked questions

No. databaseroboat on PyPI has been identified as a malicious package (versions 0.0.1, 0.0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Credits

  • Kamil Mańkowski (kam193) · analyst

databaseroboat (PyPI) malicious package — MAL-2026-2295 | O3 Security