Which versions of spider-ai are malicious?

The following PyPI versions of spider-ai are flagged malicious: 0.1, 0.2, 0.3, 0.4, 1.0, 1.1. Treat any of these as compromised.

How do I remediate spider-ai if I installed it?

spider-ai is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed spider-ai — how do I know if it already compromised me?

If spider-ai was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is spider-ai part of a known attack campaign?

Yes — spider-ai is associated with the RLMA-2024-11170, 2024-09-spider-ai, RLUA-2026-00775 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find spider-ai across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for spider-ai (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging spider-ai across your stack and pipelines.

Malicious package

spider-aiPyPI

Malicious code in spider-ai (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11712

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall spider-ai

What this malware does

Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is not mentioned in the package description. Instead, the description lures to offer advanced features.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-09-spider-ai

Reasons (based on the campaign):

exfiltration-generic
A Telegram webhook is used to send collected data.
action-hidden-in-lib-usage

Malicious versions

6 flagged

0.10.20.30.41.01.1

Indicators of compromise (SHA-256)

b6044e2088bfccda6a25000a9147c5ee04bdc85b41f6892dffd21d4712a52c9a

78594d424d08bb8ed6403dbf803ae8a366d7632b1b3e2f8c06ccd2b2a3fcd528

aaeb144e288d0288f6013d64f0e9e57164e5c3eded3924fd2282577b59c28f1a

fdebde4ac8f6a4c71147ea096292f248a48ded6a1a0acb428ae7b2d6e6e0b6ec

285e152d1207273a83ab3dfe450adee76419556042defd9de2fd2ab48a5f5419

2c8810dd75efaab9b1c502941ae8b2ce5b66bcb1ad5a5cf45cd23fc2d561693c

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for spider-ai (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging spider-ai across your stack and pipelines.
If you installed it — respond
spider-ai is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If spider-ai was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks spider-ai before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. spider-ai on PyPI has been identified as a malicious package (versions 0.1, 0.2, 0.3, 0.4, 1.0, 1.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-111702024-09-spider-aiRLUA-2026-00775

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks spider-ai-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring