Which versions of instaread are malicious?

The following PyPI versions of instaread are flagged malicious: 0.1.0, 0.1.1, 0.1.2, 0.1.3. Treat any of these as compromised.

How do I remediate instaread if I installed it?

instaread is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed instaread — how do I know if it already compromised me?

If instaread was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is instaread part of a known attack campaign?

Yes — instaread is associated with the 2024-10-old-instaread campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find instaread across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for instaread (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging instaread across your stack and pipelines.

Malicious package

instareadPyPI

Malicious code in instaread (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-12292

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall instaread

What this malware does

The file bc2556d1c1ea2a2d00.js contains an AdWare LNKR, this file is included in read_article.html template and effectively used when the user requests to see the downloaded article in the webbrowser (function "read" from instaread.py). Note: the template may have been copied from the website, so 'maybe' including adware is unintentional.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-10-old-instaread

Reasons (based on the campaign):

action-hidden-in-lib-usage
The package is used to advertise a service or product.

Malicious versions

4 flagged

0.1.00.1.10.1.20.1.3

Indicators of compromise (SHA-256)

4419f9d8f65e0a5975661e45b684e3a855114386fecdf27178227014b4936661

792748013463fb0303ff6033b47dcb48c23dc944d5075a8859b6997eafd47a56

0cf8d254f1c5749f6ddfe72b66f839ba14e41435398f3db183e43d1726eae58f

44eab4e373a635e4c89555c65855a4dfd9961f838dc8438343392f6d3e5e45ca

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for instaread (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging instaread across your stack and pipelines.
If you installed it — respond
instaread is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If instaread was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks instaread before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. instaread on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2024-10-old-instaread

References

Credits

Kamil Mańkowski (kam193)

Detect & block this

O3 blocks instaread-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring