Which versions of pytensorlite are malicious?

The following PyPI versions of pytensorlite are flagged malicious: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4. Treat any of these as compromised.

How do I remediate pytensorlite if I installed it?

pytensorlite is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pytensorlite — how do I know if it already compromised me?

If pytensorlite was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pytensorlite part of a known attack campaign?

Yes — pytensorlite is associated with the RLMA-2025-04802, 2025-08-pytensorlite, RLUA-2026-00650 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pytensorlite across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytensorlite (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytensorlite across your stack and pipelines.

Malicious package

pytensorlitePyPI

Malicious code in pytensorlite (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-47795

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pytensorlite

What this malware does

Importing the module downloads and starts an infostealer

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-pytensorlite

Reasons (based on the campaign):

infostealer
obfuscation
Downloads and executes a remote malicious script.
exfiltration-generic
exfiltration-credentials
exfiltration-browser-data

Malicious versions

5 flagged

0.1.00.1.10.1.20.1.30.1.4

Indicators of compromise (SHA-256)

82e8130dfa7d223eb499b585a969ead57a7a65cf1217272c3be347801847d60c

6d789cb477a2e54d47336cc6720a369096ec439f53a6083f423abcdb62ef2ac7

188201cba6b48f33920bc11fd719f4dcc6a78b6ca0e1c038f6a950027522cbe2

1e2d6f30dd2360285f0563f09b4cb5b4951fe280a8ecdae91b2081ee99e5fe86

ec7682f61cf674b2687b18fffe3ae6bbf2eff14b53e39751ad3577c2029e1dbe

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytensorlite (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytensorlite across your stack and pipelines.
If you installed it — respond
pytensorlite is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pytensorlite was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pytensorlite before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pytensorlite on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-048022025-08-pytensorliteRLUA-2026-00650

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pytensorlite-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring