Malicious package: nvidia-nat-semantic-kernel (PyPI)

Malicious code in nvidia-nat-semantic-kernel (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-4760
Immediate action
Uninstall the package and the ruamel-yaml-clibz distribution it pulls in as a dependency, then rotate any secrets the build or runtime environment could reach.
pip uninstall nvidia-nat-semantic-kernel

What this malware does

The package's METADATA declares Requires-Dist: ruamel-yaml-clibz==0.3.5, a typosquat of the well-known ruamel-yaml-clib (note the trailing 'z'). Installing nvidia-nat-semantic-kernel with pip silently resolves and installs ruamel-yaml-clibz from PyPI, bringing whatever code that lookalike package ships into the installing environment. The substitution stands out against the rest of the dependency list, which uses standard upstream names, and ruamel-yaml-clib (without the z) is the canonical C-extension companion to ruamel.yaml that a YAML stack normally requires. This is the pull-through typosquat pattern (often grouped with dependency confusion, although no private package name is involved here): the host package is only the vector, and the payload arrives through the named transitive dependency, which is why a scan limited to the host package's own files can miss it.
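To make the pull-through pattern concrete, the following script is an added example (not code from the advisory or from O3 Security) that audits package metadata the way a practitioner would after reading this page: it flags the three listed releases if they are installed, flags the known ruamel-yaml-clibz name wherever it appears in a Requires-Dist line, and additionally reports any requirement whose normalised name is a close edit of a trusted name. The TRUSTED_NAMES list and the similarity threshold are assumptions for illustration, and the SAMPLE metadata is constructed to mirror what the advisory describes rather than copied from the package.

```python
"""Audit Python distribution metadata for the IOCs in this advisory.

Two checks, matching the advisory text:
  1. is one of the flagged nvidia-nat-semantic-kernel releases installed, and
  2. does any Requires-Dist entry name a known or suspected typosquat
     (the ruamel-yaml-clibz -> ruamel-yaml-clib substitution).
"""
from __future__ import annotations

import re
from difflib import SequenceMatcher
from importlib import metadata

# Flagged releases and the typosquatted transitive, taken from the advisory.
FLAGGED_VERSIONS = {
    "nvidia-nat-semantic-kernel": {"1.8.0a20260521", "1.8.0a20260607", "1.9.0a20260611"},
}
KNOWN_TYPOSQUATS = {"ruamel-yaml-clibz"}

# Assumed allow-list used for the near-miss heuristic; extend it with the
# upstream names your own projects actually depend on.
TRUSTED_NAMES = {"ruamel-yaml-clib", "ruamel-yaml", "requests", "numpy"}

# Leading distribution name of a Requires-Dist value (PEP 508 name grammar).
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(requires_dist: str) -> str | None:
    """Return the normalised distribution name from a Requires-Dist value."""
    m = _NAME_RE.match(requires_dist)
    return normalize(m.group(1)) if m else None


def check_requirement(requires_dist: str, trusted=TRUSTED_NAMES, threshold=0.9) -> str | None:
    """Describe why a requirement looks like a typosquat, or None if it looks fine."""
    name = requirement_name(requires_dist)
    if name is None:
        return None
    if name in KNOWN_TYPOSQUATS:
        return f"known typosquat: {name}"
    if name in trusted:
        return None
    # Near-miss heuristic: a name one or two characters away from a trusted
    # name (e.g. a trailing 'z') scores above the threshold.
    for good in trusted:
        ratio = SequenceMatcher(None, name, good).ratio()
        if ratio >= threshold:
            return f"near-miss of {good}: {name} (similarity {ratio:.2f})"
    return None


def audit_metadata(name: str, version: str, requires_dist: list[str]) -> list[str]:
    """Audit one distribution's Name, Version and Requires-Dist entries."""
    findings = []
    norm = normalize(name)
    if version in FLAGGED_VERSIONS.get(norm, set()):
        findings.append(f"flagged release installed: {norm}=={version}")
    for req in requires_dist:
        verdict = check_requirement(req)
        if verdict:
            findings.append(f"{norm}=={version} declares {req!r}: {verdict}")
    return findings


def audit_environment() -> list[str]:
    """Run audit_metadata over every distribution visible to this interpreter."""
    findings = []
    for dist in metadata.distributions():
        meta = dist.metadata
        name = meta["Name"]
        if not name:
            continue
        findings.extend(audit_metadata(name, meta["Version"] or "", dist.requires or []))
    return findings


# Constructed sample mirroring the advisory's description (not real METADATA).
SAMPLE = {
    "name": "nvidia-nat-semantic-kernel",
    "version": "1.9.0a20260611",
    "requires": ["ruamel-yaml-clibz==0.3.5", "ruamel.yaml>=0.17", "requests>=2.31"],
}

if __name__ == "__main__":
    for line in audit_metadata(SAMPLE["name"], SAMPLE["version"], SAMPLE["requires"]):
        print(line)
    for line in audit_environment():
        print(line)
```

The exact-match checks are the verdict; the similarity score is only a triage signal and will flag some legitimate short names, so treat a near-miss as something to look up on PyPI, not as proof of compromise. Run it inside each virtual environment and CI image separately, since pip resolves the transitive per environment.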

Malicious versions

3 flagged
1.8.0a20260521
1.8.0a20260607
1.9.0a20260611

Indicators of compromise (SHA-256)

fd31ef3bb7acb152519e55b43037368e8dfc21d444050bec7739778c4ce73381
f32e25245e0ef36f469203aba98a1b9f2da197e8df3d4333e979f8772ff53535
fe66a4b0f7f00b8e8a9abd877b3ab0531d56906cc11f6fa6ecaddd4b0bebbbe1

Frequently asked questions

No. nvidia-nat-semantic-kernel on PyPI has been identified as a malicious package (versions 1.8.0a20260521, 1.8.0a20260607, 1.9.0a20260611 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003799
IN-MAL-2026-005859
IN-MAL-2026-005860

Credits

  • Amazon Inspector · finder

nvidia-nat-semantic-kernel (PyPI) malicious package — MAL-2026-4760 | O3 Security