Which versions of graphdict are malicious?

The following PyPI versions of graphdict are flagged malicious: 3.4.0, 3.4.2, 3.4.6, 3.4.8, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14. Treat any of these as compromised.

How do I remediate graphdict if I installed it?

graphdict is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed graphdict — how do I know if it already compromised me?

If graphdict was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is graphdict part of a known attack campaign?

Yes — graphdict is associated with the RLMA-2025-03606, 2025-07-graphdict, RLUA-2026-00364 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find graphdict across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for graphdict (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging graphdict across your stack and pipelines.

Malicious package

graphdictPyPI

Malicious code in graphdict (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-6515

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall graphdict

What this malware does

Malicious clone of legitimate networkx package with added hidden encrypted code. The exact behaviour unclear as it uses decryption key based on the arguments and config files

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-graphdict

Reasons (based on the campaign):

Downloads and executes a remote malicious script.
obfuscation
clones-real-package

Malicious versions

9 flagged

3.4.03.4.23.4.63.4.83.4.103.4.113.4.123.4.133.4.14

Indicators of compromise (SHA-256)

c7101391422181823d61a3d636c7f9134c431e9b9c44cfe44b94eaafd7466cb9

c8ee8870b424d4d335d5d3c132e8e393dd102af2d95b00b112b5f320357f1858

d6536224bd962025c65671a0007df1998dbc9485dfb2d628b0a0d57ab916487e

74ed208ded42d64f781d359a0bf37211d4a58f5d6a3b84d585d44ffa683de456

d00497adc5227d643ba30f82de9c1daf348087666a0597e2cbe642a21772d033

ebaed867b03d8b50669a2d39ceafad37cdded3be064ad1ab5b5af833eda3bf9d

3decd52ea880fd85d18e4c27742117fa4f4ecc8ddd536be6d21e730c92da410e

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for graphdict (9 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging graphdict across your stack and pipelines.
If you installed it — respond
graphdict is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If graphdict was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks graphdict before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. graphdict on PyPI has been identified as a malicious package (versions 3.4.0, 3.4.2, 3.4.6, 3.4.8, 3.4.10, 3.4.11, 3.4.12, 3.4.13, and 1 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-036062025-07-graphdictRLUA-2026-00364

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks graphdict-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring