Which versions of j5gerggnpuiwerbngpiutbgn0iutb0p are malicious?

The following PyPI versions of j5gerggnpuiwerbngpiutbgn0iutb0p are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate j5gerggnpuiwerbngpiutbgn0iutb0p if I installed it?

Remove j5gerggnpuiwerbngpiutbgn0iutb0p from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed j5gerggnpuiwerbngpiutbgn0iutb0p — how do I know if it already compromised me?

If j5gerggnpuiwerbngpiutbgn0iutb0p was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is j5gerggnpuiwerbngpiutbgn0iutb0p part of a known attack campaign?

Yes — j5gerggnpuiwerbngpiutbgn0iutb0p is associated with the 2024-10-lokopoil23 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find j5gerggnpuiwerbngpiutbgn0iutb0p across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for j5gerggnpuiwerbngpiutbgn0iutb0p (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging j5gerggnpuiwerbngpiutbgn0iutb0p across your stack and pipelines.

Malicious package

j5gerggnpuiwerbngpiutbgn0iutb0pPyPI

Malicious code in j5gerggnpuiwerbngpiutbgn0iutb0p (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-9408

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall j5gerggnpuiwerbngpiutbgn0iutb0p

What this malware does

According to the description, packages should demonstrate the dependency confusion attack. The realisation is, in fact, a spamming with packages having as the only purpose reporting basic data like hostname and current working directory.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-10-lokopoil23

Reasons (based on the campaign):

dependency-confusion

The OpenSSF Package Analysis project identified 'j5gerggnpuiwerbngpiutbgn0iutb0p' @ 0.0.1 (pypi) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

ec514f3b1444b6e201642b0d2fbf478cafc99eaab3d7db4885d0a75e298abb20

c0d5035efef6512982eee29a729ab382ae17bdaafd84745a28c19c347e19769a

3b948e846f1817c6c72336ef38aac1149d25e0e40dc903eef60f7af4f3625e1f

f785864a73e797a59c985a5b9650524eb4c3106d2542457d93d15a286fdae505

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for j5gerggnpuiwerbngpiutbgn0iutb0p (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging j5gerggnpuiwerbngpiutbgn0iutb0p across your stack and pipelines.
If you installed it — respond
Remove j5gerggnpuiwerbngpiutbgn0iutb0p from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If j5gerggnpuiwerbngpiutbgn0iutb0p was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks j5gerggnpuiwerbngpiutbgn0iutb0p before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. j5gerggnpuiwerbngpiutbgn0iutb0p on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2024-10-lokopoil23

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks j5gerggnpuiwerbngpiutbgn0iutb0p-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring