Which versions of grokwrapper are malicious?

The following PyPI versions of grokwrapper are flagged malicious: 0.1.0, 0.2.0. Treat any of these as compromised.

How do I remediate grokwrapper if I installed it?

grokwrapper is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed grokwrapper — how do I know if it already compromised me?

If grokwrapper was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is grokwrapper part of a known attack campaign?

Yes — grokwrapper is associated with the 2026-02-grokwrapper campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find grokwrapper across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for grokwrapper (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging grokwrapper across your stack and pipelines.

Malicious package

grokwrapperPyPI

Malicious code in grokwrapper (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-811

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall grokwrapper

What this malware does

During importing the module, package silently execute code hidden in an embedded config file, and downloads remote executable. It's then added to Run registry key for persistence and started.

During analysis, the executable was not detected by antiviruses.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-02-grokwrapper

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
peristence-autorun

Malicious versions

2 flagged

0.1.00.2.0

Indicators of compromise (SHA-256)

a7ae896464be7f195243e35231a2435d0a1eb055cc7fa8cfaef707c7e11c55b2

6a020c1f62988aa0b040fe97d8a8444b8e38e3a8cdd62197795d96fdd8a0c8b3

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for grokwrapper (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging grokwrapper across your stack and pipelines.
If you installed it — respond
grokwrapper is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If grokwrapper was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks grokwrapper before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. grokwrapper on PyPI has been identified as a malicious package (versions 0.1.0, 0.2.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-02-grokwrapper

References

Credits

Kamil Mańkowski (kam193) · reporter

Detect & block this

O3 blocks grokwrapper-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring