Which versions of strcolrify are malicious?

The following PyPI versions of strcolrify are flagged malicious: 1.8. Treat any of these as compromised.

How do I remediate strcolrify if I installed it?

Remove strcolrify from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed strcolrify — how do I know if it already compromised me?

If strcolrify was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is strcolrify part of a known attack campaign?

Yes — strcolrify is associated with the RLMA-2024-04846, RLUA-2024-09313 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find strcolrify across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for strcolrify (version 1.8). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging strcolrify across your stack and pipelines.

Malicious package

strcolrifyPyPI

Malicious code in strcolrify (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-6043

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall strcolrify

Malicious versions

1 flagged

1.8

Indicators of compromise (SHA-256)

42a4d9c9fe235d98e83b648521689ef64531ed96afe93c4b4b7aea8f7a5cefb9

751dd90e4da4a96f4cb1b8f3bdc001ed51c6894dfb9fa4b814a2cb2c6dce2025

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for strcolrify (version 1.8). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging strcolrify across your stack and pipelines.
If you installed it — respond
Remove strcolrify from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If strcolrify was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks strcolrify before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. strcolrify on PyPI has been identified as a malicious package (version 1.8 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-04846RLUA-2024-09313

Credits

ReversingLabs · finder

Detect & block this

O3 blocks strcolrify-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring

strcolrifyPyPI

Malicious versions

Indicators of compromise (SHA-256)

Detection & response playbook

Find it

If you installed it — respond

Did it already run?

How O3 protects you

Frequently asked questions

Campaign

Credits

Detect & block this