MAL-2026-562

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tabullates/MAL-2026-562.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-562
Published
2026-01-28T07:42:32Z
Modified
2026-03-13T06:51:05.609426Z
Summary
Malicious code in tabullates (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26)

Packages contain hidden code that is effectively run when the library is imported or used, and that downloads second-stage code. A process running in the background then periodically connects to a remote host and waits for further code to execute.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-spellcheckers

Reasons (based on the campaign):

  • obfuscation

  • Downloads and executes a remote malicious script.

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Database specific
{
    "iocs": {
        "domains": [
            "dothebest.store",
            "searchbox.info",
            "updatenet.work"
        ],
        "urls": [
            "https://dothebest.store/allow/inform.php",
            "https://dothebest.store/refresh.php",
            "https://searchbox.info/prefer.php",
            "https://updatenet.work/settings/history.php",
            "https://dothebest.store/allow"
        ]
    },
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1"
            ],
            "modified_time": "2026-01-28T07:42:32.283211Z",
            "sha256": "499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-01-28T08:10:46.453455711Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2"
            ],
            "modified_time": "2026-01-28T09:03:09.192995Z",
            "sha256": "f5af0290d2ad9a879ef3624e8cca4bec9095fdb44db0282b226e13ea50ff92bd",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-01-28T09:46:09.164774837Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3"
            ],
            "modified_time": "2026-01-28T11:09:45.671528Z",
            "sha256": "65716e7bcfa81eb62800794a53ce1f01c6593e89a016b3d30f7803e3107036c4",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-01-28T11:39:32.809136179Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "modified_time": "2026-01-28T13:24:12.682678Z",
            "sha256": "6af1b6872fcae12cc1651e6981265f929ab2532437971cb983876a9ae6e01aaf",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-01-28T13:49:01.828657965Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "modified_time": "2026-01-28T13:24:12.682678Z",
            "sha256": "8a340ee49ae80adf9f248ab7d565ff184ce2b93466a522ba91c321a9fe1c7a8f",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-01-28T19:11:43.706788748Z"
        },
        {
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "modified_time": "2026-01-28T13:24:12.682678Z",
            "sha256": "7fdbcc76dc779d82632d7bfa1643843861e17cb03839382640c68637b61627ff",
            "id": "pypi/2025-11-spellcheckers/tabullates",
            "source": "kam193",
            "import_time": "2026-03-11T10:47:48.538928009Z"
        }
    ]
}

Affected packages

PyPI / tabullates

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tabullates/MAL-2026-562.json"