Which versions of mumuplayer12 are malicious?

The following PyPI versions of mumuplayer12 are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate mumuplayer12 if I installed it?

mumuplayer12 is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed mumuplayer12 — how do I know if it already compromised me?

If mumuplayer12 was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is mumuplayer12 part of a known attack campaign?

Yes — mumuplayer12 is associated with the RLMA-2024-11096, 2024-08-embeds-RealtekHDAudioManager, RLUA-2026-00540 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find mumuplayer12 across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for mumuplayer12 (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging mumuplayer12 across your stack and pipelines.

Malicious package

mumuplayer12PyPI

Malicious code in mumuplayer12 (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11640

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall mumuplayer12

What this malware does

Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-embeds-RealtekHDAudioManager

Reasons (based on the campaign):

infostealer
Downloads and executes a remote executable.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

a108149966d0dc2587504f5c61d5a15284fbae1127bfe8c775c03e9d95963f77

0c6553cdf5369da5c7b08008dbb983dc5f71ffb33361155859af4c95a5aed0fd

f5e7ec41057042474a89cfaa47532d1f790110bc7ac08533ff4dbeea9ee91899

0c469923da0d04e671123512894c446ed2bcb3bc5fe0a22fcba77d0fddf06397

1df0065844ef68c5e0b0471c4ba547cbb5d38dc4331f0829f91a92b091ea7bcb

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for mumuplayer12 (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging mumuplayer12 across your stack and pipelines.
If you installed it — respond
mumuplayer12 is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If mumuplayer12 was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks mumuplayer12 before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. mumuplayer12 on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-110962024-08-embeds-RealtekHDAudioManagerRLUA-2026-00540

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks mumuplayer12-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring