Malicious package

dcchbot (PyPI)

Malicious code in dcchbot (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-3689
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall dcchbot

What this malware does

The package performs multiple installer-hostile behaviors.

(1) dcchbot/__init__.py auto-invokes run() on import. run() triggers interactive input() prompts and an outbound HTTPS GET to a non-PyPI third-party domain (https://evan0708.rf.gd/pypi-backup/json), so any import, including by IDEs, linters, or dependency scanners, blocks on stdin and beacons to attacker-controlled infrastructure.

(2) main.py reads data['info']['version'] from that rf.gd endpoint and later interpolates the value, unvalidated, into os.system(f'pip install dcchbot=={latest_version}') in the /bot-update slash-command handler. A crafted response whose version field contains shell metacharacters yields arbitrary command execution on the installer's host. rf.gd is a free-subdomain host: if the account lapses, a third party can re-register the name and inherit this update channel, so it is a latent RCE path for whoever controls the domain.

(3) main.py hardcodes CODER_ID = 1317800611441283139 and authorizes that Discord user ID, in addition to the installer's OWNER_ID, inside the /op, /stop, /token, and /bot-update handlers. On any Discord server where an installer's bot is present, the package author can leak the bot token (/token sends bot._token), grant themselves administrator, or trigger the vulnerable update command.

Taken together this is direct installer-side harm: bot-token exfiltration, privilege escalation on the installer's Discord servers, and remote shell command execution driven by an external URL.
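The /bot-update flaw in (2) is worth seeing as code. The block below is an added example, not code from the dcchbot package: it reproduces the shape of the bug (an unvalidated "version" field from a remote JSON document interpolated into os.system) beside a hardened equivalent that validates the field and hands pip an argv list with no shell. The JSON responses are constructed samples; the real rf.gd response is not reproduced and nothing is executed, the shell tokenisation is only simulated with shlex.

```python
# Added example, not the dcchbot package's code. The JSON bodies below are
# constructed stand-ins for what the malware fetches from its rf.gd host.
import json
import re
import shlex
import sys

BENIGN_RESPONSE = json.dumps({"info": {"version": "1.9.4"}})
CRAFTED_RESPONSE = json.dumps({"info": {"version": "1.9.4; id > /tmp/pwned"}})

# Strict PEP 440-style check: release segment, optional pre/post/dev suffix,
# nothing else. Shell metacharacters can never pass this.
_VERSION_RE = re.compile(
    r"[0-9]+(\.[0-9]+)*((a|b|rc)[0-9]+)?(\.post[0-9]+)?(\.dev[0-9]+)?"
)


def extract_version(body: str) -> str:
    """Mirror the malware's data['info']['version'] read: no validation at all."""
    return json.loads(body)["info"]["version"]


def vulnerable_update_command(body: str) -> str:
    """The string os.system() receives in the pattern described above."""
    latest_version = extract_version(body)
    return f"pip install dcchbot=={latest_version}"


def shell_tokens(command: str) -> list:
    """Tokenise a command the way a POSIX shell would, without running it.

    punctuation_chars=True makes ';', '>', '|' and '&' their own tokens,
    which is exactly where the injected second command shows up.
    """
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def is_safe_version(value: str) -> bool:
    """True only for a plain version string the updater should accept."""
    return _VERSION_RE.fullmatch(value) is not None


def hardened_update_argv(body: str) -> list:
    """Validate the version, then build an argv list for subprocess.run(argv).

    With the default shell=False each element reaches pip as one argument,
    so even a value that slipped past the regex could not spawn a command.
    """
    latest_version = extract_version(body)
    if not is_safe_version(latest_version):
        raise ValueError(f"rejected version string from update server: {latest_version!r}")
    return [sys.executable, "-m", "pip", "install", f"dcchbot=={latest_version}"]


if __name__ == "__main__":
    cmd = vulnerable_update_command(CRAFTED_RESPONSE)
    print("vulnerable os.system() input:", cmd)
    print("shell would see:", shell_tokens(cmd))
    print("hardened argv (benign):", hardened_update_argv(BENIGN_RESPONSE))
    try:
        hardened_update_argv(CRAFTED_RESPONSE)
    except ValueError as exc:
        print("hardened (crafted):", exc)
```

The validation and argv list only close the injection; they do not make the design sound. An installer-side self-update that takes its target version from a URL outside the package index is still a remote-controlled install step, and the right fix is to drop the feature or query the index itself.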

Malicious versions

5 flagged
1.8.1, 1.8.3, 1.9, 1.9.1, 1.9.4

Indicators of compromise (SHA-256)

3a40a14434df3a61756624968ed85c2ea55ae3298fde23de5099c530089fd7b0
60ff0446b42a79933bc212e1600a36b572d60635fbfd6f69f9881b54ad7f4c18
c995da3f467f406ccbbc6314be0fcfc0f01b212c54bf3add01207e1d1fba6626
df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a
ff481b1e845b1c26503b21dc505660af654baf24f7250391c2a59357e3611425

Detection & response playbook

Credential / info stealer
  1. Find it

    dcchbot is a PyPI package, so scan your Python manifests and lockfiles (requirements.txt, poetry.lock and the equivalents your tooling writes) and build artifacts for dcchbot (5 malicious versions: 1.8.1, 1.8.3, 1.9, 1.9.1, 1.9.4), and check installed environments with pip freeze or pip show dcchbot rather than by importing it, since import alone triggers the payload. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging dcchbot across your stack and pipelines.

  2. If you installed it — respond

    dcchbot leaks the installer's Discord bot token to a hardcoded third-party user and its update path can run arbitrary shell commands, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets (the Discord bot token first, then PyPI/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values) from a known-clean machine. Audit the affected Discord servers for roles or permissions granted to user ID 1317800611441283139, and audit logs for unauthorized use of the rotated credentials.

  3. Did it already run?

    If dcchbot was ever installed, its import-time payload (and, if the bot was run, the /bot-update path) may already have executed. Check proxy, DNS and egress logs for connections to evan0708.rf.gd from the hosts that installed it. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise, not just the presence of the package.

  4. How O3 protects you

    O3 blocks dcchbot before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
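Steps 1 to 3 above can be scripted without any vendor tooling. The block below is an added example, not O3 Security's scanner: it finds dcchbot pins in requirements.txt and poetry.lock content, checks whether the package is installed in the current interpreter without importing it, matches artifacts against the SHA-256 IOCs listed on this page, and greps egress log lines for the beacon host named in the analysis. The lockfile and proxy-log contents are constructed samples; the log line format is an assumption.

```python
# Added example, not O3's scanner. Sample lockfile and log contents below are
# constructed; the IOC hashes, versions and beacon host come from the advisory.
import hashlib
import re
from importlib import metadata
from pathlib import Path

PACKAGE = "dcchbot"
FLAGGED_VERSIONS = {"1.8.1", "1.8.3", "1.9", "1.9.1", "1.9.4"}
IOC_SHA256 = {
    "3a40a14434df3a61756624968ed85c2ea55ae3298fde23de5099c530089fd7b0",
    "60ff0446b42a79933bc212e1600a36b572d60635fbfd6f69f9881b54ad7f4c18",
    "c995da3f467f406ccbbc6314be0fcfc0f01b212c54bf3add01207e1d1fba6626",
    "df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a",
    "ff481b1e845b1c26503b21dc505660af654baf24f7250391c2a59357e3611425",
}
BEACON_HOST = "evan0708.rf.gd"

# Constructed samples standing in for real project files and a proxy log.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
DCCHBot == 1.9.4   # pinned by a teammate
discord.py>=2.0
"""
SAMPLE_POETRY_LOCK = """\
[[package]]
name = "dcchbot"
version = "1.8.3"
description = ""
optional = false

[[package]]
name = "requests"
version = "2.31.0"
"""
SAMPLE_PROXY_LOG = [
    "2026-03-01T10:12:03Z build-runner-7 CONNECT evan0708.rf.gd:443 200 812",
    "2026-03-01T10:12:04Z build-runner-7 CONNECT pypi.org:443 200 19403",
]


def find_in_requirements(text: str) -> list:
    """Return (version, flagged) for every dcchbot pin in requirements.txt content."""
    hits = []
    pin = re.compile(rf"^\s*{PACKAGE}\s*==\s*([0-9][^\s;#]*)", re.IGNORECASE)
    for line in text.splitlines():
        m = pin.match(line)
        if m:
            hits.append((m.group(1), m.group(1) in FLAGGED_VERSIONS))
    return hits


def find_in_poetry_lock(text: str) -> list:
    """Same for poetry.lock, which is TOML with one [[package]] table per dependency."""
    hits = []
    for block in text.split("[[package]]"):
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.MULTILINE)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.MULTILINE)
        if name and version and name.group(1).lower() == PACKAGE:
            hits.append((version.group(1), version.group(1) in FLAGGED_VERSIONS))
    return hits


def installed_version():
    """Version of dcchbot in the running interpreter, or None if absent.

    Reads installed metadata only: importing the package would fire the
    import-time beacon and input() prompts described in the analysis.
    """
    try:
        return metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None


def matches_ioc(data: bytes) -> bool:
    """True if an artifact's SHA-256 is one of the IOCs published for this package."""
    return hashlib.sha256(data).hexdigest() in IOC_SHA256


def scan_artifact_dir(root: Path) -> list:
    """Hash every file under a pip cache or artifact store against the IOC list."""
    return [p for p in root.rglob("*") if p.is_file() and matches_ioc(p.read_bytes())]


def beacon_lines(log_lines) -> list:
    """Egress log lines that touched the beacon host: evidence the payload ran."""
    return [line for line in log_lines if BEACON_HOST in line]


if __name__ == "__main__":
    print("requirements.txt:", find_in_requirements(SAMPLE_REQUIREMENTS))
    print("poetry.lock:", find_in_poetry_lock(SAMPLE_POETRY_LOCK))
    print("installed:", installed_version())
    print("beacon evidence:", beacon_lines(SAMPLE_PROXY_LOG))
```

Any dcchbot pin is a finding; the flagged boolean only records whether the pinned version is one of the five listed above, so a hit with False still needs the same response. The hash check is meant to run over pip's cache directory and CI artifact stores, where an already-removed package may still be present on disk.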

Frequently asked questions

No. dcchbot on PyPI has been identified as a malicious package (versions 1.8.1, 1.8.3, 1.9, 1.9.1, 1.9.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-002150
  • IN-MAL-2026-002149
  • IN-MAL-2026-002147
  • IN-MAL-2026-002148
  • IN-MAL-2026-002146

References

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks dcchbot-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

dcchbot (PyPI) malicious package — MAL-2026-3689 | O3 Security