Which versions of image-dream are malicious?

The following PyPI versions of image-dream are flagged malicious: 9.6. Treat any of these as compromised.

How do I remediate image-dream if I installed it?

image-dream is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed image-dream — how do I know if it already compromised me?

If image-dream was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is image-dream part of a known attack campaign?

Yes — image-dream is associated with the RLMA-2024-11065, 2024-11-byted-dast, RLUA-2026-00420 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find image-dream across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for image-dream (version 9.6). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging image-dream across your stack and pipelines.

Malicious package

image-dreamPyPI

Malicious code in image-dream (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11612

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall image-dream

What this malware does

A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the username to the package author. There is no other purpose of the package.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-11-byted-dast

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
typosquatting
dependency-confusion

Malicious versions

1 flagged

9.6

Indicators of compromise (SHA-256)

9b11ef124fb0b9b73ad42357b6a52f362ebc7585fc4e714bff8abbf6230c8164

82384bd55d5792ad307bea40e113484bc9594048cdb0e45d31916a77605757dc

5dc5a040f22951aa7352846d3518445c278d2c8aab44dcdf8435fd063e079957

7606a9569b4b2784b6f99f1da72ff34bb0402d140268f6762df3cffeb0b26f86

5f604f5e2a18197c8960df2411c7997b58eb8af13badafab5698ba684388fcd9

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for image-dream (version 9.6). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging image-dream across your stack and pipelines.
If you installed it — respond
image-dream is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If image-dream was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks image-dream before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. image-dream on PyPI has been identified as a malicious package (version 9.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-110652024-11-byted-dastRLUA-2026-00420

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks image-dream-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring