{"id":"MAL-2025-3444","summary":"Malicious code in coloryi (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (7fda5ee85e248eb4ab426d18592fa9703ff19567ed041d3d75740a231464152d)\nImporting the module runs code that exfiltrates data from the local Telegram application\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-03-quicolor\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-generic\n","modified":"2026-03-19T12:51:55.233968Z","published":"2025-03-25T09:28:59Z","database_specific":{"malicious-packages-origins":[{"import_time":"2025-04-25T09:36:46.084399173Z","modified_time":"2025-04-23T16:06:21Z","source":"reversing-labs","id":"RLMA-2025-02505","sha256":"f5df6a7eea6d24cbb7db602f935e7c6ad851ce05cf09417f58185791a85841e0","versions":["10.0.9"]},{"import_time":"2025-12-02T22:30:55.063981936Z","modified_time":"2025-03-25T09:28:59Z","source":"kam193","id":"pypi/2025-03-quicolor/coloryi","sha256":"a156ccbecbbf8714cc28f0e7b04de209b289d8583e998512606470b65bb2b1da","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"import_time":"2025-12-02T23:07:18.074132407Z","modified_time":"2025-03-25T09:28:59Z","source":"kam193","id":"pypi/2025-03-quicolor/coloryi","sha256":"7fda5ee85e248eb4ab426d18592fa9703ff19567ed041d3d75740a231464152d","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}]},{"import_time":"2025-12-10T21:38:57.366708831Z","modified_time":"2025-03-25T09:28:59Z","source":"kam193","id":"pypi/2025-03-quicolor/coloryi","sha256":"b31669d50a369022e06125b676383ec5c826daf277494b646ad48fc852462315","versions":["10.0.9"]},{"import_time":"2026-03-19T12:19:35.573597Z","modified_time":"2026-03-18T12:12:45Z","source":"reversing-labs","id":"RLUA-2026-00217","sha256":"18051d27596576c1132e8370577d22fbe69bb56b545fbe874613256f50cd3809"}],"iocs":{"urls":["https://api.telegram.org/bot7866811532:AAHWBkH7NH7XheqQBRIdfoCk4psEr0BBrjg/sendDocument"]}
},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/coloryi"}],"affected":[{"package":{"name":"coloryi","ecosystem":"PyPI","purl":"pkg:pypi/coloryi"},"versions":["10.0.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/coloryi/MAL-2025-3444.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}