Which versions of pytnon are malicious?

The following PyPI versions of pytnon are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate pytnon if I installed it?

pytnon is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pytnon — how do I know if it already compromised me?

If pytnon was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pytnon part of a known attack campaign?

Yes — pytnon is associated with the RLMA-2024-09075, funcaptcha-ru campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pytnon across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytnon (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytnon across your stack and pipelines.

Malicious package

pytnonPyPI

Malicious code in pytnon (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-10138

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pytnon

What this malware does

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: funcaptcha-ru

Reasons (based on the campaign):

infostealer

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

22c7264ec25d153affe50d684fa67cc8b340c9400e1d2f4b58b68f078cf0c835

af55459fb249773e8efc04789078cb4d9ab409b259781362ea339be8ec8e3163

837090f72f6ea44d9457a9d74030e3ce1f43afc79e039c6020121bfd1e9dac7a

a1e31c4e1fd704f79c3dc6494ba6eb0e51516d01ed91ad6aa8b00ab9ae020736

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytnon (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytnon across your stack and pipelines.
If you installed it — respond
pytnon is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pytnon was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pytnon before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pytnon on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-09075funcaptcha-ru

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pytnon-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring