Which versions of nageir are malicious?

The following PyPI versions of nageir are flagged malicious: 0.1.2. Treat any of these as compromised.

How do I remediate nageir if I installed it?

Remove nageir from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed nageir — how do I know if it already compromised me?

If nageir was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is nageir part of a known attack campaign?

Yes — nageir is associated with the RLMA-2024-04176, RLUA-2024-08549 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find nageir across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for nageir (version 0.1.2). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging nageir across your stack and pipelines.

Malicious package

nageirPyPI

Malicious code in nageir (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-5394

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall nageir

Malicious versions

1 flagged

0.1.2

Indicators of compromise (SHA-256)

fea5011f789cd3ab9d01e975f6aabc7c32724fdaf4b3bb02ea59a6bb66b2abde

c5ae351d988e7639f7638f7ea804b600a8914ad3594adde4a07bc9dbaf35fdfa

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for nageir (version 0.1.2). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging nageir across your stack and pipelines.
If you installed it — respond
Remove nageir from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If nageir was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks nageir before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. nageir on PyPI has been identified as a malicious package (version 0.1.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-04176RLUA-2024-08549

Credits

ReversingLabs · finder

Detect & block this

O3 blocks nageir-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring

nageirPyPI

Malicious versions

Indicators of compromise (SHA-256)

Detection & response playbook

Find it

If you installed it — respond

Did it already run?

How O3 protects you

Frequently asked questions

Campaign

Credits

Detect & block this