Malicious package

tingetone (PyPI)

Malicious code in tingetone (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2024-11727
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall tingetone

What this malware does

Importing the module starts the banner() function, which downloads and runs an obfuscated remote script. The package seems to be a clone of one of the existing similar packages.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-11-tingetone

Reasons (based on the campaign):

  • clones-real-package

  • obfuscation

  • Downloads and executes a remote executable.

Malicious versions

2 flagged
0.0.1, 0.0.2

Indicators of compromise (SHA-256)


Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for tingetone (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging tingetone across your stack and pipelines.

  2. If you installed it — respond

    tingetone is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If tingetone was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks tingetone before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
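A minimal version of the "Find it" step for Python projects, as an added example (not O3's scanner and not code from the advisory): it checks requirements.txt and poetry.lock content for tingetone and lists installed copies from dist-info metadata only, because importing the module is what triggers banner(). The function names and the sample inputs are constructed for illustration.

```python
import re
from importlib import metadata

# From this advisory: the package name and its two flagged versions.
BAD_NAME = "tingetone"
BAD_VERSIONS = {"0.0.1", "0.0.2"}

def normalize(name):
    """PEP 503 name normalization, so 'TingeTone' matches 'tingetone'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def verdict(version):
    """Classify one reference to the package by its pinned version."""
    if version is None or "*" in version:
        return "unpinned"  # no exact pin: may resolve to a flagged release
    return "flagged" if version in BAD_VERSIONS else "other-version"

def scan_requirements(text):
    """Return (line_no, verdict) for each requirements.txt line naming the package."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)(.*)", line)
        if not m or normalize(m.group(1)) != BAD_NAME:
            continue  # blank line, option such as -r, or another package
        pin = re.search(r"===?\s*([^\s;,\\]+)", m.group(2))
        hits.append((no, verdict(pin.group(1) if pin else None)))
    return hits

def scan_poetry_lock(text):
    """Return a verdict for each [[package]] entry in poetry.lock naming the package."""
    entries = re.findall(
        r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"', text)
    return [verdict(v) for n, v in entries if normalize(n) == BAD_NAME]

def installed_versions():
    """Versions present in this environment, read from metadata files."""
    # Never `import tingetone` to check: per the advisory, import runs the payload.
    return sorted(d.version for d in metadata.distributions()
                  if normalize(d.metadata.get("Name") or "") == BAD_NAME)

# Constructed sample inputs, not taken from a real project.
SAMPLE_REQ = "requests==2.31.0\nTingeTone==0.0.2  # pinned\ntingetone\n-r dev.txt\n"
SAMPLE_LOCK = '[[package]]\nname = "tingetone"\nversion = "0.0.1"\n'

if __name__ == "__main__":
    print(scan_requirements(SAMPLE_REQ))
    print(scan_poetry_lock(SAMPLE_LOCK))
    print(installed_versions())
```

Any hit, including "unpinned" or "other-version", means the package is referenced and should be removed; "flagged" means a lockfile pins one of the two versions listed above.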

Frequently asked questions

No. tingetone on PyPI has been identified as a malicious package (versions 0.0.1, 0.0.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • RLMA-2024-11186
  • 2024-11-tingetone
  • RLUA-2026-00824

Credits

  • Kamil Mańkowski (kam193)
  • ReversingLabs · finder

Detect & block this

O3 blocks tingetone-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.
