-= Per source details. Do not edit below this line.=-
Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2023-12-valuent
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
Downloads and executes a remote malicious script.
{
"malicious-packages-origins": [
{
"sha256": "878bc6d33ebd6158009ec874d1cbeb88951f51c2a6ac02994c33d369ad8a0773",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-11-30T09:03:27Z",
"source": "kam193",
"id": "pypi/2023-12-valuent/bettercolorstesting",
"import_time": "2025-12-02T22:30:55.88456737Z"
},
{
"sha256": "607fc60886a9983c22c65cd01bb93585f27b0830f203f3b3b181ff12026ea036",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-11-30T09:03:27Z",
"source": "kam193",
"id": "pypi/2023-12-valuent/bettercolorstesting",
"import_time": "2025-12-02T23:07:19.068293603Z"
},
{
"versions": [
"1.0.0"
],
"sha256": "42f3e930c5caaeda5f967533004e2968a944b98e79a95160252a33466f7b1dd2",
"modified_time": "2024-11-30T09:03:27Z",
"source": "kam193",
"id": "pypi/2023-12-valuent/bettercolorstesting",
"import_time": "2025-12-10T21:38:58.205667442Z"
}
]
}