MAL-2024-11560
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colotama/MAL-2024-11560.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2024-11560
- Published
- 2024-09-29T16:36:08Z
- Modified
- 2025-12-31T02:52:57.533279Z
- Summary
- Malicious code in colotama (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (fa7312f48aedc863c1eb3377178692b7cb1fe1503114d3cbc6cdc97572b9a6c0)
The pyprettifier library has a feature to send out the user home path throuh the logger. It's attached to the init of EmojiConverter class. Other related packages utilize a typosquatting to imitate real packages, and attempts to call the EmojiConverter from pyprettifier, triggering notifying the author about the user's home path.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2024-09-pyprettifier
Reasons (based on the campaign):
typosquatting
The malicious code is intentionally included in a dependency of the package
action-hidden-in-lib-usage
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
Source: ossf-package-analysis (18c9d3a75d7d00423b531ffce7bf8ecbe34e723046045707f3ce1bd6043255fe)
The OpenSSF Package Analysis project identified 'colotama' @ 0.4.8 (pypi) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "id": "RLMA-2024-11007", "import_time": "2024-12-09T14:38:42.367077937Z", "source": "reversing-labs", "versions": [ "0.4.4", "0.4.5", "0.4.7", "0.4.8", "0.4.9", "0.5.0" ], "modified_time": "2024-12-09T06:50:01Z", "sha256": "6a267b7a9b92a77e1838d93bb8ab55b8ad8aa132bf1f371108a9b3a8a31bd3bb" }, { "import_time": "2025-02-10T05:35:47.229602921Z", "source": "ossf-package-analysis", "versions": [ "0.4.8" ], "modified_time": "2024-09-29T16:36:08Z", "sha256": "18c9d3a75d7d00423b531ffce7bf8ecbe34e723046045707f3ce1bd6043255fe" }, { "import_time": "2025-02-10T05:35:47.314378023Z", "source": "ossf-package-analysis", "versions": [ "0.5.0" ], "modified_time": "2024-09-29T16:51:09Z", "sha256": "6393d8ebf54de33a6f79256270b507e8302a4326d5572cc9448d62433f830dfa" }, { "id": "pypi/2024-09-pyprettifier/colotama", "import_time": "2025-12-02T22:30:55.952604582Z", "source": "kam193", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "modified_time": "2024-09-29T18:01:44Z", "sha256": "fc95a2119d3cdd55feddcc76a9e9abc6305a7bcc11c531393c641496a4554c3a" }, { "id": "pypi/2024-09-pyprettifier/colotama", "import_time": "2025-12-02T23:07:19.142574299Z", "source": "kam193", "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" } ] } ], "modified_time": "2024-09-29T18:01:44Z", "sha256": "fa7312f48aedc863c1eb3377178692b7cb1fe1503114d3cbc6cdc97572b9a6c0" }, { "id": "pypi/2024-09-pyprettifier/colotama", "import_time": "2025-12-10T21:38:58.280968638Z", "source": "kam193", "versions": [ "0.4.7", "0.4.4", "0.4.5", "0.4.6", "0.4.8", "0.4.9", "0.5.0" ], "modified_time": "2024-09-29T18:01:44Z", "sha256": "620ac081dd0c9b0c92e59a4db27aeca43bc1ed090b14c59cb16082f50e2bd9d3" }, { "id": "pypi/2024-09-pyprettifier/colotama", "import_time": "2025-12-30T22:39:04.275738408Z", "source": "kam193", "versions": [ "0.4.4", "0.4.5", "0.4.6", "0.4.7", "0.4.8", "0.4.9", "0.5.0" ], "modified_time": "2024-09-29T18:01:44Z", "sha256": "d59bd47575cd3358dbf6db2ee85b0a07661993f821d40a17ee2f5d71932753b2" } ] }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / colotama
Package
- Name
- colotama
- View open source insights on deps.dev
- Purl
- pkg:pypi/colotama