Which versions of jirawrapped are malicious?

The following PyPI versions of jirawrapped are flagged malicious: 0.1.0, 0.2.0, 0.3.1. Treat any of these as compromised.

How do I remediate jirawrapped if I installed it?

jirawrapped is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed jirawrapped — how do I know if it already compromised me?

If jirawrapped was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is jirawrapped part of a known attack campaign?

Yes — jirawrapped is associated with the RLMA-2025-03622, 2025-07-jirawrapped, RLUA-2026-00441 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find jirawrapped across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for jirawrapped (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging jirawrapped across your stack and pipelines.

Malicious package

jirawrappedPyPI

Malicious code in jirawrapped (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-6529

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall jirawrapped

What this malware does

During installation, the package attempts to exfiltrate browser history

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-jirawrapped

Reasons (based on the campaign):

exfiltration-browser-data
The package overrides the install command in setup.py to execute malicious code during installation.

Malicious versions

3 flagged

0.1.00.2.00.3.1

Indicators of compromise (SHA-256)

1cfac390213a1e127e3544e3432c6808608ae89bd969d84dd17d65422a4cff3b

11b6725737eb8375047c6b67a77daaeaddf22a076fcaff3c1bdf3462a578de0b

22cb10a2f4a514eac4296e09281b5b08784e62d6616a520e032e563d69a0e6e1

dc7a73f5342cc1ea37d99d6f0f42bb830c5a5f786aacdb86ec5dc39d56abebd7

83e37608e840ea23e7c5ba1d3347a049c1f7beda833dafee9cc30166f6717f10

e691e882d273d4ed5336c0324c27be20629b2824cdbeb41840f149279f07d07e

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for jirawrapped (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging jirawrapped across your stack and pipelines.
If you installed it — respond
jirawrapped is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If jirawrapped was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks jirawrapped before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. jirawrapped on PyPI has been identified as a malicious package (versions 0.1.0, 0.2.0, 0.3.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-036222025-07-jirawrappedRLUA-2026-00441

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks jirawrapped-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring