Which versions of toorc are malicious?

The following PyPI versions of toorc are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate toorc if I installed it?

toorc is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed toorc — how do I know if it already compromised me?

If toorc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is toorc part of a known attack campaign?

Yes — toorc is associated with the 2026-06-ip-rotat, IN-MAL-2026-007334 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find toorc across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for toorc (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging toorc across your stack and pipelines.

Malicious package

toorcPyPI

Malicious code in toorc (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2026-6290

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall toorc

What this malware does

On pip install (and even pip download), the package's setup.py overrides the install and egg_info commands to execute a RunCommand() routine that serializes every entry in os.environ into a key=value query string and captures the output of ps -elf. The combined payload is then POSTed via curl over plaintext HTTP to http://gjampdwmdjmppwedtkpbbdkq05f6iiz6r.oast.fun, a unique subdomain on the public interactsh out-of-band testing service. Any CI/build secrets present in the environment at install time (AWS_*, GITHUB_TOKEN, NPM_TOKEN, CI provider tokens, etc.) leak to the attacker-controlled OAST listener, along with a snapshot of running processes on the host.

During installation, the package exfiltrates env variables

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-ip-rotat

Reasons (based on the campaign):

The package overrides the install command in setup.py to execute malicious code during installation.
exfiltration-env-variables
typosquatting

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

f9b8be8a4e20e24b88630f331f4bdd7bc66e208558ece25843aecc7a8110b4b4

2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d

02334bfe46d6509e7900323066c5bb2eda0d5a34a6906cee5ccca3abaecb3ade

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for toorc (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging toorc across your stack and pipelines.
If you installed it — respond
toorc is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If toorc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks toorc before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. toorc on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2026-06-ip-rotatIN-MAL-2026-007334

References

Credits

Amazon Inspector · finder
Kamil Mańkowski (kam193) · reporter

Detect & block this

O3 blocks toorc-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring