libhmacPyPI
Malicious code in libhmac (PyPI) Remove it immediately and rotate any exposed credentials.
What this malware does
The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library (HMAC primitive), but the package contents have nothing to do with HMAC primitives. The shipped code is a complete Chromium-family browser-extension hijacking toolkit. ChromeManager.ReplaceInPlaceExtensions (src/libhmac/extension_patcher.py) enumerates all Chrome/Edge/Brave/Vivaldi profiles for the current user, copies attacker payload bytes (dm_core_bg.js, dm_core_bg.wasm) into each extension's version directory, rewrites manifest.json to add <all_urls> host permissions and a relaxed content_security_policy (wasm-unsafe-eval, broad connect-src), strips extensions.ui.developer_mode_encrypted_hash from Chrome's Secure Preferences (src/libhmac/preferences_handler.py:84), and recomputes Chrome's super_mac using the per-browser HMAC seed extracted from resources.pak (src/libhmac/hmac_calculator.py:223) to defeat tamper detection. The advertised purpose in pyproject.toml is 'Chromium extension host sync, CSP relaxation, and in-place extension patching'. Author metadata is a placeholder ('libhmac maintainers', no email, no homepage, no repo) under a 'Proprietary' license. A developer who runs pip install libhmac expecting the libyal HMAC library instead pulls in a browser-compromise toolkit; downstream packages can import libhmac to weaponize any installer's browser profiles. The combination of name impersonation of an established OSS library, anonymous maintainer identity, and offensive capability with no legitimate dual-use framing is the fingerprint of namespace-abuse malware infrastructure.
The package is a loader of an infostealer that modifies browser extensions to intercept credentials and cryptowallet data. The installation is not automatic, the code is intended to be triggered externally, but includes hardcoded exfiltration target.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-libhmac
Reasons (based on the campaign):
-
crypto-related
-
exfiltration-credentials
-
exfiltration-crypto
-
exfiltration-browser-data
Malicious versions
Indicators of compromise (SHA-256)
Detection & response playbook
Credential / info stealerFind it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for libhmac (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging libhmac across your stack and pipelines.
If you installed it — respond
libhmac is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If libhmac was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks libhmac before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
Frequently asked questions
Campaign
References
Credits
- Amazon Inspector · finder
- Kamil Mańkowski (kam193) · reporter
Detect & block this
O3 blocks libhmac-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.