Malicious package

whatsfly-labfox (PyPI)

Malicious code in whatsfly-labfox (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-4776
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall whatsfly-labfox

What this malware does

On import whatsfly, whatsfly/__init__.py invokes ensureUsableBinaries() from whatsfly/dependencies/builder.py, which downloads a native binary (.so/.dll/.dylib) from the GitHub Actions artifacts API for Labfox/whatsfly, unzips it under whatsfly/dependencies/whatsmeow/, and whatsmeow.py loads it directly via ctypes.CDLL(...). The download is authenticated with a fine-grained GitHub Personal Access Token (github_pat_11AZ7BYQI05SxpWYyU3Ctr_e2PlN...) reconstructed at runtime from a per-character list in whatsfly/dependencies/github_actions_download.py:7 — a deliberate obfuscation pattern used to evade GitHub's automated secret scanning.

Two installer-impacting consequences follow:

  • Every installer extracts the same live GitHub PAT and can use it against the author's GitHub account and the Labfox/whatsfly repository (credential redistribution to third parties).
  • The fetched artifact is a GitHub Actions artifact (mutable, 90-day TTL) pinned only by the loose string version="v20" with no hash or signature verification — anyone holding the PAT (including any installer of this package) can replace the artifact and achieve remote code execution on every subsequent importer via the ctypes load.
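As an added defender-side example (not code from the advisory or from the whatsfly project), the following Python scan applies the two facts above to an installed package tree: it hashes every file against the SHA-256 IoCs published on this page, and uses the ast module to reassemble list literals made of single-character strings, flagging any that join into a GitHub token shape. The token value and sample source are constructed for the demo; only the hashes come from the advisory.

```python
import ast
import hashlib
import re
from pathlib import Path

# SHA-256 indicators published for whatsfly-labfox on this advisory page.
IOC_SHA256 = {
    "44d4a24d293f810bd11587936b79a835fb0671b7af961328f836d57c7b0c4514",
    "68fe57da48ce63ec7cec5176168ccdfbe05e8b6f83a83c39a0440289141ee2d1",
    "c63e3f4776abe00db50f3d7e34bea3ed308a52b6e0c44872692b0dce50290d1f",
    "f6aa24abde03297259d087a25b56eaa29010b3d2857599bbe9fbe0b60af92959",
}
# GitHub token shapes; a char-by-char list joining into one is the evasion pattern.
TOKEN_RE = re.compile(r"^(github_pat_|ghp_|gho_|ghs_)[A-Za-z0-9_]{20,}$")

def find_char_list_secrets(source: str, min_len: int = 20) -> list[str]:
    """Join list/tuple literals made only of 1-char strings; return GitHub-token hits."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, (ast.List, ast.Tuple)) and len(node.elts) >= min_len
                and all(isinstance(e, ast.Constant) and isinstance(e.value, str)
                        and len(e.value) == 1 for e in node.elts)):
            joined = "".join(e.value for e in node.elts)
            if TOKEN_RE.match(joined):
                hits.append(joined)  # full value, so the owner can rotate it
    return hits

def hash_is_ioc(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in IOC_SHA256

def scan_dir(root: Path) -> dict[str, list]:
    """Walk an installed package dir; report IoC hash matches and obfuscated tokens."""
    report: dict[str, list] = {"ioc_matches": [], "obfuscated_tokens": []}
    for p in (q for q in root.rglob("*") if q.is_file()):
        if hash_is_ioc(p.read_bytes()):
            report["ioc_matches"].append(str(p))
        if p.suffix == ".py":
            try:
                for tok in find_char_list_secrets(p.read_text("utf-8", "replace")):
                    report["obfuscated_tokens"].append((str(p), tok))
            except SyntaxError:
                pass  # unparsable source: skip it, the hash check above still ran
    return report

# Constructed sample (not the real token) using the same char-list obfuscation,
# plus a short benign char list that must not be flagged.
FAKE_TOKEN = "github_pat_CONSTRUCTED_EXAMPLE_" + "X" * 20
SAMPLE_SOURCE = (f"token_chars = {list(FAKE_TOKEN)!r}\n"
                 "token = ''.join(token_chars)\nxs = ['a', 'b', 'c']\n")
```

Run scan_dir(Path(site_packages) / "whatsfly") after an uninstall to confirm nothing remains; a non-empty obfuscated_tokens list means the PAT must be treated as exposed and revoked.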

Malicious versions

2 flagged
0.2.0, 0.2.1

Indicators of compromise (SHA-256)

44d4a24d293f810bd11587936b79a835fb0671b7af961328f836d57c7b0c4514
68fe57da48ce63ec7cec5176168ccdfbe05e8b6f83a83c39a0440289141ee2d1
c63e3f4776abe00db50f3d7e34bea3ed308a52b6e0c44872692b0dce50290d1f
f6aa24abde03297259d087a25b56eaa29010b3d2857599bbe9fbe0b60af92959

Frequently asked questions

Is whatsfly-labfox safe to use?

No. whatsfly-labfox on PyPI has been identified as a malicious package (versions 0.2.0, 0.2.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004517, IN-MAL-2026-004515, IN-MAL-2026-004516, IN-MAL-2026-004518

Credits

  • Amazon Inspector · finder

whatsfly-labfox (PyPI) malicious package — MAL-2026-4776 | O3 Security