Which versions of consolecolornew are malicious?

The following PyPI versions of consolecolornew are flagged malicious: 0.0.1, 0.0.3, 0.0.4, 0.0.5, 0.0.6. Treat any of these as compromised.

How do I remediate consolecolornew if I installed it?

consolecolornew is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed consolecolornew — how do I know if it already compromised me?

If consolecolornew was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is consolecolornew part of a known attack campaign?

Yes — consolecolornew is associated with the RLMA-2025-04754, 2025-09-consolecolornew, RLUA-2026-00223 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find consolecolornew across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for consolecolornew (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging consolecolornew across your stack and pipelines.

Malicious package

consolecolornewPyPI

Malicious code in consolecolornew (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-47754

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall consolecolornew

What this malware does

If used, the code attempts to take a photo using the computer's camera and exfiltrates it

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-09-consolecolornew

Reasons (based on the campaign):

exfiltration-generic
action-hidden-in-lib-usage
other

Malicious versions

5 flagged

0.0.10.0.30.0.40.0.50.0.6

Indicators of compromise (SHA-256)

f980a8903f37fd1878995d33b52578b9b1b9f660a858c0ece4bc3817f41c0dc0

cb0aa66c1615538e5fa66f08b2c5487a0ce6955c294e112a373f488c904c31b0

a54001c8462b9c69251a199f4e782ad084ccd11ad435aa785443af2590dc0f02

6086e05aef288f601b45bf6d2194bb4b155c2ab2dcf0b2a2384e7407480e5839

a6ccd548792c1aa1f8634e29526e64f6d1f71064d94130d0958d280f12a423d8

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for consolecolornew (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging consolecolornew across your stack and pipelines.
If you installed it — respond
consolecolornew is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If consolecolornew was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks consolecolornew before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. consolecolornew on PyPI has been identified as a malicious package (versions 0.0.1, 0.0.3, 0.0.4, 0.0.5, 0.0.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-047542025-09-consolecolornewRLUA-2026-00223

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks consolecolornew-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring