{"id":"MAL-2026-1480","summary":"Malicious code in pretty-tabulate (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (807e99c43a51fb7620cee47a356774c3ead94e75c4bc48621a942c835107b2eb)\nMalicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package. Packages were published simultaneously by two accounts not used for about a year, suggesting hijacked access.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-03-color-list\n\n\nReasons (based on the campaign):\n\n\n - The malicious code is intentionally included in a dependency of the package\n\n\n - obfuscation\n","modified":"2026-03-16T19:01:40.235004Z","published":"2026-03-16T18:04:10Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-03-16T18:04:10.700057Z","source":"kam193","sha256":"807e99c43a51fb7620cee47a356774c3ead94e75c4bc48621a942c835107b2eb","import_time":"2026-03-16T18:50:22.524261818Z","versions":["2.37.1","2.37.2"],"id":"pypi/2026-03-color-list/pretty-tabulate"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pretty-tabulate"}],"affected":[{"package":{"name":"pretty-tabulate","ecosystem":"PyPI","purl":"pkg:pypi/pretty-tabulate"},"versions":["2.37.1","2.37.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pretty-tabulate/MAL-2026-1480.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}