MAL-2025-3441

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colorina/MAL-2025-3441.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-3441
Published
2025-04-10T07:47:51Z
Modified
2026-04-16T16:00:40.780730Z
Summary
Malicious code in colorina (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (5280fa2df728b98c1eda6d86d4b0fc233d4bd0d58ac17160427e16f1bb154081)

Using the "color" function will exfiltrated data like discord tokens, browser-saved passwords and Minecraft access tokens


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-04-colorina

Reasons (based on the campaign):

  • exfiltration-browser-data

  • action-hidden-in-lib-usage

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.3",
                "0.1.6",
                "0.2.0",
                "0.2.2",
                "0.2.3",
                "0.2.4",
                "0.2.5"
            ],
            "id": "RLMA-2025-02502",
            "modified_time": "2025-04-23T16:06:19Z",
            "import_time": "2025-04-25T09:36:45.855444559Z",
            "sha256": "31aadc2172d1e9969ff4dbdc95124525c61dc5df9faeac8ceba2e4cf60f4744f",
            "source": "reversing-labs"
        },
        {
            "id": "pypi/2025-04-colorina/colorina",
            "modified_time": "2025-04-10T07:47:51Z",
            "import_time": "2025-12-02T22:30:55.061002761Z",
            "sha256": "96f6290f5c4cb010eab3654f3a50a3a7d4d29f238e9deb28781a2ce319d1b549",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "id": "pypi/2025-04-colorina/colorina",
            "modified_time": "2025-04-10T07:47:51Z",
            "import_time": "2025-12-02T23:07:18.070853458Z",
            "sha256": "5280fa2df728b98c1eda6d86d4b0fc233d4bd0d58ac17160427e16f1bb154081",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "kam193"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.3",
                "0.1.2",
                "0.1.4",
                "0.1.5",
                "0.1.6",
                "0.2.2",
                "0.2.0",
                "0.2.3",
                "0.2.4",
                "0.2.5"
            ],
            "id": "pypi/2025-04-colorina/colorina",
            "modified_time": "2025-04-10T07:47:51Z",
            "import_time": "2025-12-10T21:38:57.362929626Z",
            "sha256": "0fc31d68e7eace5995e48f0ebad0b3f8e8a4a64bfca16a682490666648ff634b",
            "source": "kam193"
        },
        {
            "versions": [
                "0.1.0",
                "0.1.2",
                "0.1.3",
                "0.1.4",
                "0.1.5",
                "0.1.6",
                "0.2.0",
                "0.2.2",
                "0.2.3",
                "0.2.4",
                "0.2.5"
            ],
            "id": "pypi/2025-04-colorina/colorina",
            "modified_time": "2025-04-10T07:47:51Z",
            "import_time": "2025-12-30T22:39:04.058838221Z",
            "sha256": "1b35e839e676eef56701f11ca8338200fd40b768d791a656587a7590d016639c",
            "source": "kam193"
        },
        {
            "id": "RLUA-2026-00213",
            "modified_time": "2026-03-18T12:12:42Z",
            "import_time": "2026-03-19T12:19:35.226773524Z",
            "sha256": "24fcce4c030a398e6b412b8ceadf388322cf81a5c925d3266b9fec42d01d2566",
            "source": "reversing-labs"
        },
        {
            "versions": [
                "0.1.5",
                "0.1.2",
                "0.1.4",
                "0.1.0"
            ],
            "id": "RLUA-2026-02067",
            "modified_time": "2026-04-16T10:25:53Z",
            "import_time": "2026-04-16T15:39:34.461574753Z",
            "sha256": "5de4be14c8ab2a7cbf06e5ef3cba1670d49da23d87e7e4a89ef1de4bf14095bb",
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / colorina

Package

Affected ranges

Affected versions

0.*
0.1.0
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.2.2
0.2.3
0.2.4
0.2.5

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colorina/MAL-2025-3441.json"