Which versions of pymatcha are malicious?

The following PyPI versions of pymatcha are flagged malicious: 0.1, 0.1.0. Treat any of these as compromised.

How do I remediate pymatcha if I installed it?

pymatcha is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pymatcha — how do I know if it already compromised me?

If pymatcha was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pymatcha part of a known attack campaign?

Yes — pymatcha is associated with the 2024-08-embeds-RealtekHDAudioManager campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pymatcha across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pymatcha (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pymatcha across your stack and pipelines.

Malicious package

pymatchaPyPI

Malicious code in pymatcha (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-12332

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pymatcha

What this malware does

Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-embeds-RealtekHDAudioManager

Reasons (based on the campaign):

infostealer
Downloads and executes a remote executable.

Malicious versions

2 flagged

0.10.1.0

Indicators of compromise (SHA-256)

04fc720abff2658bd17dc7bb67f3c765f5a16506a8895c2e4ac25cec9ddf6dad

779c6dd8d3b44cbb116c534cbd88dd2a73e5ee6f946e7e37c66f7eba13dedefd

b73b209b8ba70c7ada98400a3f094fefcb84eba02499113778a68cb52a308e64

9c0ef162f44d7e12fb04e7287157ce9e08acde3aeb38dd3f5e4d8a496b6b464c

a4e2f766d2afb8b28ba0b6845f1cefee1f52c665ebd3b88de52ea733096d8485

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pymatcha (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pymatcha across your stack and pipelines.
If you installed it — respond
pymatcha is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pymatcha was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pymatcha before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pymatcha on PyPI has been identified as a malicious package (versions 0.1, 0.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2024-08-embeds-RealtekHDAudioManager

References

Credits

Kamil Mańkowski (kam193)

Detect & block this

O3 blocks pymatcha-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring