Malicious package

roboat-addition (PyPI)

Malicious code in roboat-addition (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-2279
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall roboat-addition

What this malware does

During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap.

The campaign is built around a malicious Roblox API wrapper. The roboat[.]pro (later robase[.]app) domain advertises a wrapper that is either directly malicious (as with roboat, collected in the campaign 2026-03-rowrap) or uses malicious dependencies (like roboat-utils). New versions are published simultaneously with the malicious dependencies and quickly removed. Another advertisement channel is https://github.com/Addi9000/roboat, which references two active contributors: https://github.com/Addi9000 and https://github.com/RoCruise

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-03-roboat-addition

Reasons (based on the campaign):

  • The package overrides the install command in setup.py to execute malicious code during installation.

  • Downloads and executes a remote executable.

  • The malicious code is intentionally included in a dependency of the package.

  • malware

  • clones-real-package

Malicious versions

1 flagged
0.0.1

Indicators of compromise (SHA-256)
Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for roboat-addition (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging roboat-addition across your stack and pipelines.

  2. If you installed it — respond

    roboat-addition is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If roboat-addition was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks roboat-addition before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
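
Step 1 of the playbook as an added example (not O3's scanner and not code from the advisory): a Python check of requirements.txt-style files and poetry.lock for roboat-addition, comparing names after PEP 503 normalization so that spellings such as Roboat_Addition are still caught. The watchlist entries for roboat and roboat-utils, the "review" verdict and the sample inputs are assumptions of this example.

```python
import re

# Assumption of this example: "flagged" versions come from the advisory (0.0.1);
# roboat and roboat-utils are the related campaign packages it names, with no
# version list given here, so any hit on them is reported for manual review.
WATCHLIST = {"roboat-addition": {"0.0.1"}, "roboat": set(), "roboat-utils": set()}

REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#,\\]+))?")
LOCK_ENTRY = re.compile(r'^name\s*=\s*"([^"]+)"\s*\nversion\s*=\s*"([^"]+)"', re.M)

def normalize(name):
    """PEP 503: runs of '-', '_' and '.' are equivalent; names are case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pins_from_requirements(text):
    """Yield (name, pinned_version_or_None) from requirements.txt-style text."""
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "-")):  # comments, -r/-e, --hash lines
            continue
        m = REQ_LINE.match(line)
        if m:
            yield m.group(1), m.group(2)

def pins_from_poetry_lock(text):
    """Return (name, version) pairs from the [[package]] entries of a poetry.lock."""
    return LOCK_ENTRY.findall(text)

def scan(pins):
    """Return (canonical_name, version, verdict) for every watchlisted dependency."""
    findings = []
    for name, version in pins:
        canon = normalize(name)
        if canon in WATCHLIST:
            verdict = "flagged" if version in WATCHLIST[canon] else "review"
            findings.append((canon, version, verdict))
    return findings

# Constructed sample inputs (not taken from a real project).
SAMPLE_REQUIREMENTS = """requests>=2.31
Roboat_Addition==0.0.1 \\
    --hash=sha256:<placeholder>
roboat.utils
"""
SAMPLE_LOCK = '[[package]]\nname = "roboat-addition"\nversion = "0.0.1"\n'

if __name__ == "__main__":
    for text, parse in ((SAMPLE_REQUIREMENTS, pins_from_requirements),
                        (SAMPLE_LOCK, pins_from_poetry_lock)):
        for finding in scan(parse(text)):
            print(finding)
```

An unpinned or differently pinned roboat-addition entry is reported as "review" rather than ignored, since the resolver may still have installed 0.0.1.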

Frequently asked questions

No. roboat-addition on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Credits

  • Kamil Mańkowski (kam193) · reporter

roboat-addition (PyPI) malicious package — MAL-2026-2279 | O3 Security