Which versions of secmeasure are malicious?

The following PyPI versions of secmeasure are flagged malicious: 0.1.0, 0.1.1, 0.1.2. Treat any of these as compromised.

How do I remediate secmeasure if I installed it?

secmeasure is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed secmeasure — how do I know if it already compromised me?

If secmeasure was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is secmeasure part of a known attack campaign?

Yes — secmeasure is associated with the 2025-08-secmeasure campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find secmeasure across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for secmeasure (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging secmeasure across your stack and pipelines.

Malicious package

secmeasurePyPI

Malicious code in secmeasure (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-47452

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall secmeasure

What this malware does

This package installs the SilentSync remote access trojan and allows remote code execution and data exfiltration. Windows machines are targetted by this malicious package.

Calling a method starts downloading and starting an infostealer script

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-secmeasure

Reasons (based on the campaign):

action-hidden-in-lib-usage
Downloads and executes a remote malicious script.
infostealer

Malicious versions

3 flagged

0.1.00.1.10.1.2

Indicators of compromise (SHA-256)

f566db2e1359b455ca36524d9c066854754e71ac92deca9706f69d3d71cc8414

ebfd54accf25face6552daeb47eabe02bdc4e9486791bd3dbab41712db1a96f5

6358a31772627867b25a23822234b0bdbeb14cdaa939e3eeef0c5240ee36d86f

aa1a348d7da9310801f05ee32abd7500a4b0cce976ec41cf295a85fe601cdcfe

43bad55d7fc575031a37e72ea92eabca6e76507bbc57889afdadd7dada2bd62d

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for secmeasure (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging secmeasure across your stack and pipelines.
If you installed it — respond
secmeasure is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If secmeasure was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks secmeasure before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. secmeasure on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2025-08-secmeasure

References

Credits

Kamil Mańkowski (kam193)

Detect & block this

O3 blocks secmeasure-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring