Which versions of pytiom are malicious?

The following PyPI versions of pytiom are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate pytiom if I installed it?

pytiom is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pytiom — how do I know if it already compromised me?

If pytiom was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pytiom part of a known attack campaign?

Yes — pytiom is associated with the RLMA-2024-09073, funcaptcha-ru campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pytiom across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytiom (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytiom across your stack and pipelines.

Malicious package

pytiomPyPI

Malicious code in pytiom (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-10136

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pytiom

What this malware does

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: funcaptcha-ru

Reasons (based on the campaign):

infostealer

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

ee870aed33c2e9ac2648698927e952bcfdfb373cd9e6ee668f82b69211796cbb

046b4a036e4c57fbbba19c53ae028d0397b9685f8d77c985b57d6b02974ee469

bd2b34fcc3a14163b9e8df81d7e850d85c454b775bd61d9f3dd0f6965511dbe7

0d3d99100f3a2dbb57b5292945fe513a8e07e8b67c5a8a52566af719a449066c

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytiom (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytiom across your stack and pipelines.
If you installed it — respond
pytiom is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pytiom was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pytiom before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pytiom on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-09073funcaptcha-ru

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pytiom-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring