Which versions of spiderxr-ai are malicious?

The following PyPI versions of spiderxr-ai are flagged malicious: 0.1.5, 0.4, 0.5. Treat any of these as compromised.

How do I remediate spiderxr-ai if I installed it?

spiderxr-ai is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed spiderxr-ai — how do I know if it already compromised me?

If spiderxr-ai was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is spiderxr-ai part of a known attack campaign?

Yes — spiderxr-ai is associated with the RLMA-2024-11171, 2024-09-spider-ai, RLUA-2026-00776 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find spiderxr-ai across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for spiderxr-ai (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging spiderxr-ai across your stack and pipelines.

Malicious package

spiderxr-aiPyPI

Malicious code in spiderxr-ai (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11713

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall spiderxr-ai

What this malware does

Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is not mentioned in the package description. Instead, the description lures to offer advanced features.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-09-spider-ai

Reasons (based on the campaign):

exfiltration-generic
A Telegram webhook is used to send collected data.
action-hidden-in-lib-usage

Malicious versions

3 flagged

0.1.50.40.5

Indicators of compromise (SHA-256)

a7e531ba72499b5f765ac29995921f02f6c555787db9b0c32d6c76b94c25cca5

caf9b52ada123cf3d3e432162b6ccd4a0d5b46357423613d75f939f7c626e721

0c97841e41e7389c0df8b2d96f2a9b1c033f443358bf780c5988bf352f07608f

ddfe776d584bafdd6a9f9eb3b42cad56b2e91298e4778a94e656756c5eb4656f

3cf1210e58ac7a7db8992eaa84df5369c626d8abd7ff24889dc4eed58b2f1e45

7bd88b30701c8d52aec34344459a22d82d54de6b3998233a36da963698c589a9

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for spiderxr-ai (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging spiderxr-ai across your stack and pipelines.
If you installed it — respond
spiderxr-ai is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If spiderxr-ai was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks spiderxr-ai before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. spiderxr-ai on PyPI has been identified as a malicious package (versions 0.1.5, 0.4, 0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-111712024-09-spider-aiRLUA-2026-00776

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks spiderxr-ai-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring