Which versions of ip-rotat are malicious?

The following PyPI versions of ip-rotat are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate ip-rotat if I installed it?

ip-rotat is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed ip-rotat — how do I know if it already compromised me?

If ip-rotat was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is ip-rotat part of a known attack campaign?

Yes — ip-rotat is associated with the 2026-06-ip-rotat, IN-MAL-2026-007335 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find ip-rotat across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for ip-rotat (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging ip-rotat across your stack and pipelines.

Malicious package

ip-rotatPyPI

Malicious code in ip-rotat (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-6280

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall ip-rotat

What this malware does

On pip install or pip download, setup.py registers overridden install and egg_info cmdclass entries that execute ps -elf to capture the host's process listing and iterate the entire os.environ mapping into a URL-encoded body, then POST the combined payload via curl to http://gjampdwmdjmppwedtkpbbdkq05f6iiz6r.oast.fun over plaintext HTTP. Bulk env scraping at install time leaks any CI/CD secrets present in the environment (AWS keys, GitHub/npm/PyPI tokens, etc.) along with a system-wide process listing. The package ships no actual ip-rotation functionality — setup.py contains only the exfiltration payload, the package name ip_rotat is a one-character truncation of common ip-rotator-style libraries, and the README references the this_is_fine_wuzzi install-time-code-execution PoC. The combination of name confusion, zero advertised functionality, and an automatic install-time exfil hook is a supply-chain attack against any installer.

During installation, the package exfiltrates env variables

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-ip-rotat

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
exfiltration-env-variables
typosquatting

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

3ecb8a355dcbe7df86e0a785d8639e85faab9a5b4bad430ae3701ffa9432a4d2

c94ce837f78d13ec8e012833efb46fab8b496311d90347759f21366b3bfdfbea

e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3

a7a8225ea0ef3ae5d58eed407fa3e3af246d4e246125598ce5e6720fc4e47e5d

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for ip-rotat (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging ip-rotat across your stack and pipelines.
If you installed it — respond
ip-rotat is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If ip-rotat was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks ip-rotat before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. ip-rotat on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-06-ip-rotatIN-MAL-2026-007335

References

Credits

Amazon Inspector · finder
Kamil Mańkowski (kam193) · reporter

Detect & block this

O3 blocks ip-rotat-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring