Which versions of pylibsqlite are malicious?

The following PyPI versions of pylibsqlite are flagged malicious: 0.1.0. Treat any of these as compromised.

How do I remediate pylibsqlite if I installed it?

Remove pylibsqlite from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed pylibsqlite — how do I know if it already compromised me?

If pylibsqlite was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pylibsqlite part of a known attack campaign?

Yes — pylibsqlite is associated with the RLMA-2024-04533, RLUA-2024-08964 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pylibsqlite across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pylibsqlite (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pylibsqlite across your stack and pipelines.

Malicious package

pylibsqlitePyPI

Malicious code in pylibsqlite (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-5740

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pylibsqlite

Malicious versions

1 flagged

0.1.0

Indicators of compromise (SHA-256)

4ec00a66f1edbb18a96f18d1c62617f085e1e11c4676afe1dc5db3b56beb45ad

e23979030f2e69f46303a21a67776782b952f7b58d5906b47ccd7c330b0b1852

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pylibsqlite (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pylibsqlite across your stack and pipelines.
If you installed it — respond
Remove pylibsqlite from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If pylibsqlite was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pylibsqlite before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pylibsqlite on PyPI has been identified as a malicious package (version 0.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-04533RLUA-2024-08964

Credits

ReversingLabs · finder

Detect & block this

O3 blocks pylibsqlite-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring

pylibsqlitePyPI

Malicious versions

Indicators of compromise (SHA-256)

Detection & response playbook

Find it

If you installed it — respond

Did it already run?

How O3 protects you

Frequently asked questions

Campaign

Credits

Detect & block this