MAL-2025-5126

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/readmecolorama/MAL-2025-5126.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5126
Aliases
  • SNYK-PYTHON-READMECOLORAMA-10305013
Published
2025-05-18T00:05:16Z
Modified
2026-03-19T12:56:15.108707Z
Summary
Malicious code in readmecolorama (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (4f74e374afe61cdaa52e0c651ae413abc94b50cd15de263a9d247de21bfc6fa1)

Importing the module starts download and running a remote executable, identified as malware by AVs

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-05-coloramashowtemp

Reasons (based on the campaign):

  • Downloads and executes a remote executable.

  • malware

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-03023",
            "import_time": "2025-06-18T15:06:02.421579205Z",
            "source": "reversing-labs",
            "versions": [
                "0.1.0"
            ],
            "modified_time": "2025-06-18T10:15:18Z",
            "sha256": "7cad9d6c1364c940f087a52f3136ddbcd1e2e7e9118de880284237a1d839055f"
        },
        {
            "id": "RLUA-2025-03673",
            "import_time": "2025-08-01T10:41:35.405563504Z",
            "source": "reversing-labs",
            "modified_time": "2025-07-31T19:16:15Z",
            "sha256": "c0f43da6669cf9a48e88ad211fe0d2db630c4e94668c3a1feb12d5fef4db7d53"
        },
        {
            "id": "pypi/2025-05-coloramashowtemp/readmecolorama",
            "import_time": "2025-12-02T22:30:55.523169522Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2025-05-18T00:05:16Z",
            "sha256": "55c2f9671efb3bc3772a29971fae2313022349abe5970a426c36e305e5c25538"
        },
        {
            "id": "pypi/2025-05-coloramashowtemp/readmecolorama",
            "import_time": "2025-12-02T23:07:18.560025246Z",
            "source": "kam193",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "modified_time": "2025-05-18T00:05:16Z",
            "sha256": "4f74e374afe61cdaa52e0c651ae413abc94b50cd15de263a9d247de21bfc6fa1"
        },
        {
            "id": "pypi/2025-05-coloramashowtemp/readmecolorama",
            "import_time": "2025-12-10T21:38:57.769232589Z",
            "source": "kam193",
            "versions": [
                "0.1.0"
            ],
            "modified_time": "2025-05-18T00:05:16Z",
            "sha256": "f19060de81fafe38f1b4cb199a4b1e81561dfb03f5b7138a0bc48c6654f3c929"
        },
        {
            "id": "RLUA-2026-00690",
            "import_time": "2026-03-19T12:20:20.972103929Z",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:18:03Z",
            "sha256": "8c7bf735728e56da8fed531f236ac6f6b4cad05c269cd4591e9268f11c421e5c"
        }
    ],
    "iocs": {
        "urls": [
            "https://raw.githubusercontent.com/s7bhme/gg/refs/heads/main/x69gg.exe",
            "https://github.com/s7bhme/gg/raw/refs/heads/main/x69gg.exe",
            "https://github.com/s7bhme/sada/raw/refs/heads/main/x69.exe"
        ]
    }
}
References
Credits

Affected packages

PyPI / readmecolorama

Package

Name
readmecolorama
View open source insights on deps.dev
Purl
pkg:pypi/readmecolorama

Affected ranges

Affected versions

0.*
0.1.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/readmecolorama/MAL-2025-5126.json"