{"id":"MAL-2025-3443","summary":"Malicious code in colorona (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (27014d3a14c4b1df61609aa62f901b3f8cb01f4898bb729d52d6cd08928555be)\nIf the method \"SetTerminalColor\", imitating the colorama package, is called, then the code exfiltrates browser, Discord and Minecraft passwords/tokens.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-04-colorona\n\n\nReasons (based on the campaign):\n\n\n - action-hidden-in-lib-usage\n\n\n - typosquatting\n\n\n - exfiltration-browser-data\n","modified":"2026-03-19T12:51:55.457209Z","published":"2025-04-12T22:41:34Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-04-25T09:36:46.003121643Z","sha256":"4c2043706fafe095814fd6fbd629c375cb8b0da0584dae5c1ea39fb6e9609a9f","versions":["0.2.6"],"source":"reversing-labs","modified_time":"2025-04-23T16:06:20Z","id":"RLMA-2025-02504"},{"import_time":"2025-12-02T22:30:55.063234579Z","sha256":"8038b2d9ca6cd50ab1bbe9e0d782e00e22223f7117b4a9188a2edbe2adb0ca70","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-04-12T22:41:34Z","id":"pypi/2025-04-colorona/colorona"},{"import_time":"2025-12-02T23:07:18.073304592Z","sha256":"27014d3a14c4b1df61609aa62f901b3f8cb01f4898bb729d52d6cd08928555be","source":"kam193","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"modified_time":"2025-04-12T22:41:34Z","id":"pypi/2025-04-colorona/colorona"},{"import_time":"2025-12-10T21:38:57.365814534Z","sha256":"35a6bace9b6571730a41deaf32dbff44d85503c0516561bd647a7df228b1c3dd","versions":["0.2.6"],"source":"kam193","modified_time":"2025-04-12T22:41:34Z","id":"pypi/2025-04-colorona/colorona"},{"import_time":"2026-03-19T12:19:35.479090637Z","sha256":"36560d5cd7fb9c68c4a96a0633d8ccf7b5b04041523b795e8931d9c58a5c52bd","source":"reversing-labs","modified_time":"2026-03-18T12:12:44Z","id"
:"RLUA-2026-00216"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/colorona"}],"affected":[{"package":{"name":"colorona","ecosystem":"PyPI","purl":"pkg:pypi/colorona"},"versions":["0.2.6"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/colorona/MAL-2025-3443.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}