MAL-2026-492

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tableates/MAL-2026-492.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-492
Published
2026-01-23T13:57:05Z
Modified
2026-01-23T15:51:03.207587Z
Summary
Malicious code in tableates (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff)

Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in background periodically connects to a remote host and waits for next code to execute

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-spellcheckers

Reasons (based on the campaign):

  • obfuscation

  • Downloads and executes a remote malicious script.

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Database specific 
{
    "iocs": {
        "domains": [
            "dothebest.store",
            "searchbox.info",
            "updatenet.work"
        ],
        "urls": [
            "https://dothebest.store/allow/inform.php",
            "https://dothebest.store/refresh.php",
            "https://searchbox.info/prefer.php",
            "https://updatenet.work/settings/history.php"
        ]
    },
    "malicious-packages-origins": [
        {
            "modified_time": "2026-01-23T13:57:05.835738Z",
            "id": "pypi/2025-11-spellcheckers/tableates",
            "import_time": "2026-01-23T14:43:12.199478853Z",
            "versions": [
                "1.0.3",
                "1.0.4",
                "1.0.5"
            ],
            "sha256": "c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff",
            "source": "kam193"
        },
        {
            "modified_time": "2026-01-23T14:57:05.807792Z",
            "id": "pypi/2025-11-spellcheckers/tableates",
            "import_time": "2026-01-23T15:42:03.010165456Z",
            "versions": [
                "1.0.3",
                "1.0.4",
                "1.0.5"
            ],
            "sha256": "5a8919788006840612f4bfd881d7fdf82ca62a2dd06118ee99f95f1e4b58d4e4",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / tableates

Package

Name
tableates
View open source insights on deps.dev
Purl
pkg:pypi/tableates

Affected ranges

Affected versions

1.*

1.0.3
1.0.4
1.0.5

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tableates/MAL-2026-492.json"