Which versions of colotama are malicious?

The following PyPI versions of colotama are flagged malicious: 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.5.0. Treat any of these as compromised.

How do I remediate colotama if I installed it?

colotama is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed colotama — how do I know if it already compromised me?

If colotama was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is colotama part of a known attack campaign?

Yes — colotama is associated with the RLMA-2024-11007, 2024-09-pyprettifier campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find colotama across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for colotama (7 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging colotama across your stack and pipelines.

Malicious package

colotamaPyPI

Malicious code in colotama (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11560

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall colotama

What this malware does

The pyprettifier library has a feature to send out the user home path throuh the logger. It's attached to the init of EmojiConverter class. Other related packages utilize a typosquatting to imitate real packages, and attempts to call the EmojiConverter from pyprettifier, triggering notifying the author about the user's home path.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-09-pyprettifier

Reasons (based on the campaign):

typosquatting
The malicious code is intentionally included in a dependency of the package
action-hidden-in-lib-usage
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

The OpenSSF Package Analysis project identified 'colotama' @ 0.4.8 (pypi) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Malicious versions

7 flagged

0.4.40.4.50.4.60.4.70.4.80.4.90.5.0

Indicators of compromise (SHA-256)

6a267b7a9b92a77e1838d93bb8ab55b8ad8aa132bf1f371108a9b3a8a31bd3bb

18c9d3a75d7d00423b531ffce7bf8ecbe34e723046045707f3ce1bd6043255fe

6393d8ebf54de33a6f79256270b507e8302a4326d5572cc9448d62433f830dfa

fc95a2119d3cdd55feddcc76a9e9abc6305a7bcc11c531393c641496a4554c3a

fa7312f48aedc863c1eb3377178692b7cb1fe1503114d3cbc6cdc97572b9a6c0

620ac081dd0c9b0c92e59a4db27aeca43bc1ed090b14c59cb16082f50e2bd9d3

d59bd47575cd3358dbf6db2ee85b0a07661993f821d40a17ee2f5d71932753b2

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for colotama (7 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging colotama across your stack and pipelines.
If you installed it — respond
colotama is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If colotama was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks colotama before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. colotama on PyPI has been identified as a malicious package (versions 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.5.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-110072024-09-pyprettifier

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
OpenSSF: Package Analysis · finder
ReversingLabs · finder

Detect & block this

O3 blocks colotama-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring