{"id":"MAL-2025-2949","summary":"Malicious code in colorizetext (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (23bf8532a92e751d1429028961f8b21697466cf5938e629cd11105928584f017)\nPackage has a hidden code starting an infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-03-colorizetext\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - obfuscation\n","modified":"2026-04-16T15:58:30.399915Z","published":"2025-03-05T16:15:15Z","database_specific":{"malicious-packages-origins":[{"sha256":"73aea433df0f3c717cbafc462b62b8a8c48e475c4b82544d869bb5de4aa3d7c7","source":"reversing-labs","id":"RLMA-2025-01947","versions":["0.1.1","0.1.2","0.1.3","0.1.4"],"modified_time":"2025-03-28T13:05:28Z","import_time":"2025-03-31T07:07:05.08183651Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","id":"pypi/2025-03-colorizetext/colorizetext","sha256":"ea918aef023cdba6e2d62f4227124588059de8955cadeed028abb62bd23202d0","modified_time":"2025-03-05T16:15:15Z","import_time":"2025-12-02T22:30:55.062521937Z"},{"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"source":"kam193","id":"pypi/2025-03-colorizetext/colorizetext","sha256":"23bf8532a92e751d1429028961f8b21697466cf5938e629cd11105928584f017","modified_time":"2025-03-05T16:15:15Z","import_time":"2025-12-02T23:07:18.072274918Z"},{"sha256":"6f5a82809c3a2708e443d4b2165197010ba23d478f8f7d67f0903995bd9390f8","source":"kam193","id":"pypi/2025-03-colorizetext/colorizetext","versions":["0.1.0","0.1.1","0.1.2","0.1.3"],"modified_time":"2025-03-05T16:15:15Z","import_time":"2025-12-10T21:38:57.364954611Z"},{"sha256":"e2f6bc5636189c5d92fa41ed47e9d7cab6883c71b87371d52e1f60a861d38e91","source":"reversing-labs","id":"RLUA-2026-00215","modified_time":"2026-03-18T12:12:43Z","import_time":"2026-03-19T12:19:35.398167237Z"},{"sha256":"51bb17dac846ecd1e51cf07e3c69749be0343a2cc552f459504c9514541c40e6","source":"reversing-labs","id":"RLUA-2026-02068","versions":["0.1.0"],"modified_time":"2026-04-16T10:25:55Z","import_time":"2026-04-16T15:39:34.605352283Z"}],"iocs":{"urls":["https://github.com/Uwu-Kagami"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/colorizetext"}],"affected":[{"package":{"name":"colorizetext","ecosystem":"PyPI","purl":"pkg:pypi/colorizetext"},"versions":["0.1.1","0.1.2","0.1.3","0.1.4","0.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colorizetext/MAL-2025-2949.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}