Malicious package

selenium-plugin (PyPI)

Malicious code in selenium-plugin (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2025-982
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall selenium-plugin

What this malware does

During installation or import, the package downloads a small executable and registers it for autostart. The full activity of the executable is hard to determine, but it does download what appears to be encrypted data from a GitHub repo full of suspicious files, including bitcoin miners.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-12-selenium-plugin

Reasons (based on the campaign):

  • modify-system-without-consent

  • peristence-autorun

  • dependency-confusion

Malicious versions

1 flagged
1.0.0

Indicators of compromise (SHA-256)


Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for selenium-plugin (version 1.0.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging selenium-plugin across your stack and pipelines.

  2. If you installed it — respond

    selenium-plugin is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If selenium-plugin was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks selenium-plugin before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
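For step 1, a plain text search for the package name misses spelling variants that pip treats as the same project, and also matches comments and similarly named packages. The following is an added example, not O3's scanner or code from the original advisory: it checks requirements*.txt and poetry.lock files only, and its function names and sample input are assumptions made for illustration.

```python
import re
from pathlib import Path

BAD_NAME = "selenium-plugin"  # package named in the advisory
BAD_VERSIONS = {"1.0.0"}      # the one flagged version
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:===?\s*([^\s;#\\]+))?")
KV = re.compile(r'^(name|version)\s*=\s*"([^"]*)"')

def normalize(name):
    # PEP 503: case-insensitive, and runs of "-", "_", "." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Yield (line_no, pinned_version_or_None, flagged) for requirements.txt lines."""
    for no, raw in enumerate(text.splitlines(), 1):
        m = REQ.match(raw.strip())  # comments and "-r"/"--hash" lines never match
        if m and normalize(m.group(1)) == BAD_NAME:
            yield no, m.group(2), m.group(2) in BAD_VERSIONS

def scan_lock(text):
    """Yield the same tuples for poetry.lock-style [[package]] tables."""
    name = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[["):
            name = None  # a new table starts; forget the previous package
        m = KV.match(line)
        if m and m.group(1) == "name":
            name = normalize(m.group(2))
        elif m and name == BAD_NAME:
            yield no, m.group(2), m.group(2) in BAD_VERSIONS
            name = None

def scan_tree(root):
    """Return {path: [hits]} for requirements*.txt and poetry.lock under root."""
    found = {}
    for p in Path(root).rglob("*"):
        if p.name == "poetry.lock":
            hits = list(scan_lock(p.read_text(errors="replace")))
        elif p.name.startswith("requirements") and p.suffix == ".txt":
            hits = list(scan_requirements(p.read_text(errors="replace")))
        else:
            continue
        if hits:
            found[str(p)] = hits
    return found

# Constructed sample input, not taken from any real project.
SAMPLE = "selenium==4.27.1\n# selenium-plugin==1.0.0\nSelenium_Plugin == 1.0.0 ; python_version >= '3.8'\nselenium.plugin>=0.9\n"
```

A hit with `flagged` set to False (unpinned or a range specifier) still names the malicious project and should be reviewed, since the resolver may have installed 1.0.0.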

Frequently asked questions

No. selenium-plugin on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • RLMA-2025-00523

  • 2024-12-selenium-plugin

  • RLUA-2026-00750

Credits

  • Kamil Mańkowski (kam193)
  • ReversingLabs · finder

Detect & block this

O3 blocks selenium-plugin-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.
