Malicious package: gwinpy (PyPI)

Malicious code in gwinpy (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2024-11248
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall gwinpy

What this malware does

Generic campaign covering packages that are (likely) research or pentest tooling, but where the amount or kind of data they collect raises privacy, security and ethical questions.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: GENERIC-questionable-pentest

Reasons (based on the campaign):

  • exfiltration-env-variables

  • exfiltration-generic

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • typosquatting

The OpenSSF Package Analysis project identified 'gwinpy' @ 9999.0.0 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

Malicious versions

1 flagged
9999.0.0

Indicators of compromise (SHA-256)


Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for gwinpy (version 9999.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging gwinpy across your stack and pipelines.

  2. If you installed it — respond

    gwinpy is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If gwinpy was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks gwinpy before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
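Step 1 of the playbook, as an added example that is not O3's scanner nor any project's own code: a small Python checker that reads requirements.txt and poetry.lock entries and reports the flagged gwinpy release. FLAGGED, both parsers and the sample inputs are constructed here; an unpinned gwinpy spec is also reported, because the resolver would select the newest release and 9999.0.0 is the newest.

```python
from __future__ import annotations
import re
# Package/version pairs flagged on this page (MAL-2024-11248), names normalised per PEP 503.
FLAGGED = {"gwinpy": {"9999.0.0"}}

def normalize(name: str) -> str:
    """PEP 503 normalisation, so 'GwinPy' and 'gwin.py' compare the same way pip does."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text: str) -> list[tuple[str, str | None]]:
    """(name, pinned_version) per requirements.txt line; unpinned specs yield None."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line or line.startswith("-"):          # blank, or a pip option (-r, -e, --index-url)
            continue
        line = line.split(";", 1)[0].strip()          # drop environment markers
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s,]+))?", line)
        if m:
            found.append((normalize(m.group(1)), m.group(2)))
    return found

def parse_poetry_lock(text: str) -> list[tuple[str, str | None]]:
    """(name, version) for each [[package]] table; line-based so it needs no TOML library."""
    entries, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line == "[[package]]":
            current = {}
            entries.append(current)
        elif line.startswith("["):                    # sub-table such as [package.extras]
            current = None
        elif current is not None:
            m = re.match(r'^(name|version)\s*=\s*"([^"]*)"', line)
            if m:
                current[m.group(1)] = m.group(2)
    return [(normalize(e["name"]), e.get("version")) for e in entries if "name" in e]

def find_flagged(entries: list[tuple[str, str | None]]) -> list[tuple[str, str | None]]:
    """Hits are flagged name+version pairs; an unpinned flagged name is also a hit,
    since the resolver picks the newest release and a version such as 9999.0.0 wins that."""
    return [(n, v) for n, v in entries
            if n in FLAGGED and (v is None or v in FLAGGED[n])]

# Constructed sample inputs (not from any real project) exercising comments, extras and markers.
SAMPLE_REQUIREMENTS = "# pinned deps\nrequests==2.31.0\nGwinPy[all]==9999.0.0 ; python_version >= '3.8'\nnumpy>=1.26\n"
SAMPLE_POETRY_LOCK = '[[package]]\nname = "gwinpy"\nversion = "9999.0.0"\n\n[package.extras]\nall = []\n\n[[package]]\nname = "requests"\nversion = "2.31.0"\n'

if __name__ == "__main__":
    print(find_flagged(parse_requirements(SAMPLE_REQUIREMENTS)), find_flagged(parse_poetry_lock(SAMPLE_POETRY_LOCK)))
```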

Frequently asked questions

No. gwinpy on PyPI has been identified as a malicious package (version 9999.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-00471 (GENERIC-questionable-pentest)

Credits

  • Kamil Mańkowski (kam193)
  • OpenSSF: Package Analysis · finder
  • ReversingLabs · finder

Detect & block this

O3 blocks gwinpy-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

gwinpy (PyPI) malicious package — MAL-2024-11248 | O3 Security