MAL-2024-12246

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colourfulls/MAL-2024-12246.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-12246
Published
2024-09-08T13:52:34Z
Modified
2025-12-12T20:34:23.538787Z
Summary
Malicious code in colourfulls (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11)

Once imported, the module attempts to download an executable, put it into the Discord directory, and most probably trick Discord into starting it. The download link no longer works, so it is not possible to say exactly what the remote file did.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-old-colourfulls

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • typosquatting

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "pypi/2024-08-old-colourfulls/colourfulls",
            "import_time": "2025-12-02T22:30:55.064607154Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-09-08T13:52:34Z",
            "sha256": "05361e9ae5d4e524b74277f42f1c642e882e424fa5b7b2960f3f40f54ae65de8"
        },
        {
            "id": "pypi/2024-08-old-colourfulls/colourfulls",
            "import_time": "2025-12-02T23:07:18.075021086Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2024-09-08T13:52:34Z",
            "sha256": "735ca3ff38b76e7b11c1f7b884880871427299042e250bb42e17dcf66b8c8e11"
        },
        {
            "id": "pypi/2024-08-old-colourfulls/colourfulls",
            "import_time": "2025-12-10T21:38:57.367556552Z",
            "source": "kam193",
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2024-09-08T13:52:34Z",
            "sha256": "2359e28fa8ea5029c6a3a151b7ca29437b37c223577a3a9e503197488ba46cc2"
        }
    ],
    "iocs": {
        "urls": [
            "https://cdn.discordapp.com/attachments/941400716956799106/942268626843619348/malveillant.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / colourfulls

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colourfulls/MAL-2024-12246.json"