Which versions of pylogft are malicious?

The following PyPI versions of pylogft are flagged malicious: 0.1.0, 0.1.1. Treat any of these as compromised.

How do I remediate pylogft if I installed it?

pylogft is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pylogft — how do I know if it already compromised me?

If pylogft was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pylogft part of a known attack campaign?

Yes — pylogft is associated with the 2026-05-lognest, IN-MAL-2026-004120, IN-MAL-2026-004121 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pylogft across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pylogft (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pylogft across your stack and pipelines.

Malicious package

pylogftPyPI

Malicious code in pylogft (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-4253

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pylogft

What this malware does

On import pylogft, the package's __init__.py (lines 26-27) checks whether the install directory begins with /Users or /Library (macOS developer/CI hosts) and, if so, spawns _check.py as a detached subprocess with stdout/stderr redirected to DEVNULL. _check.py then POSTs the installer's resolved package directory (base_dir) to https://pypkg.dev/project/pylogft/json — a lookalike of pypi.org / pkg.go.dev — with TLS verification explicitly disabled via ssl._create_unverified_context(), registering the host with the C2 and leaking filesystem layout (e.g., /Users/<victim>/...). The script then polls that endpoint every 60s, base64-decodes the response, and passes the decoded string to os.system(f"pip show {package_list}"). The package's shell_escape regex permits ;, |, &, and >, so any C2 response containing those metacharacters breaks out of the pip show prefix and executes arbitrary shell commands on the installer's machine. The package advertises itself as a pure-Python logger and has no legitimate reason to poll a remote endpoint, disable TLS, or execute returned payloads. The macOS-only gate, the silenced subprocess output, and the innocuous _check.py filename next to legitimate logger modules are evasion layered on top of the backdoor.

Package silently executes remote code during import.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-lognest

Reasons (based on the campaign):

Downloads and executes a remote malicious script.

Malicious versions

2 flagged

0.1.00.1.1

Indicators of compromise (SHA-256)

ca79d0eb10bc090eadb383ded3d5c47143d4d0e9eaa206840d3d803fcfc4be9a

58dcb2ccf9b9f7cfedbc46aab01b4621484ce8303c9a384e970285340f4ccf70

9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pylogft (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pylogft across your stack and pipelines.
If you installed it — respond
pylogft is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pylogft was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pylogft before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pylogft on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-05-lognestIN-MAL-2026-004120IN-MAL-2026-004121

References

Credits

Amazon Inspector · finder
Kamil Mańkowski (kam193) · reporter

Detect & block this

O3 blocks pylogft-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring