Which versions of pytoh are malicious?

The following PyPI versions of pytoh are flagged malicious: 1.0.0. Treat any of these as compromised.

How do I remediate pytoh if I installed it?

pytoh is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pytoh — how do I know if it already compromised me?

If pytoh was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pytoh part of a known attack campaign?

Yes — pytoh is associated with the RLMA-2024-09076, funcaptcha-ru campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pytoh across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytoh (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytoh across your stack and pipelines.

Malicious package

pytohPyPI

Malicious code in pytoh (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-10139

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pytoh

What this malware does

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: funcaptcha-ru

Reasons (based on the campaign):

infostealer

Malicious versions

1 flagged

1.0.0

Indicators of compromise (SHA-256)

df852e04e592e5612b1f6b189e32ce0e44bac07d9ec768b5431d72eda44f6cfe

835d31fd59c62c814742ac21d2ecde0e04a2e73fd4477edcb8dadcf8a307a22a

432fe7421d089148bcff4fba39b4508deef5be4af8e733393e90ccb752ed343b

23dc7f982b6f5ef161518cfbd9d45037c3fbe783b46f1ef0519d26847304c6ea

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytoh (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytoh across your stack and pipelines.
If you installed it — respond
pytoh is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pytoh was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pytoh before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pytoh on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-09076funcaptcha-ru

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pytoh-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring