Which versions of pyprettifier are malicious?

The following PyPI versions of pyprettifier are flagged malicious: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5. Treat any of these as compromised.

How do I remediate pyprettifier if I installed it?

pyprettifier is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pyprettifier — how do I know if it already compromised me?

If pyprettifier was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pyprettifier part of a known attack campaign?

Yes — pyprettifier is associated with the RLMA-2024-11131, 2024-09-pyprettifier, RLUA-2026-00643 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pyprettifier across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pyprettifier (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pyprettifier across your stack and pipelines.

Malicious package

pyprettifierPyPI

Malicious code in pyprettifier (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11674

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pyprettifier

What this malware does

The pyprettifier library has a feature to send out the user home path throuh the logger. It's attached to the init of EmojiConverter class. Other related packages utilize a typosquatting to imitate real packages, and attempts to call the EmojiConverter from pyprettifier, triggering notifying the author about the user's home path.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2024-09-pyprettifier

Reasons (based on the campaign):

typosquatting
The malicious code is intentionally included in a dependency of the package
action-hidden-in-lib-usage
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Malicious versions

6 flagged

0.1.00.1.10.1.20.1.30.1.40.1.5

Indicators of compromise (SHA-256)

5c174dc35a6eb20ea8baf16c04b2d84a2c43d75f5fece0a3de510fe00bf0d6c2

d16875f95907e63c0f307b7230d32fb3579b874ab4c9154e8a3457ed410e0938

52228ec641ddc958a8048619d93a51b762697ab133afc13ec13c01d24b120467

990bc01877ca76b4e9c2f8a350d42e9bd46dbdaeb3b5ab8f20d993fe75ad5222

4c0a0f1ffe98d5062ab6abf82da051fb7c8a02d6983c4a543181834fd29676f2

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pyprettifier (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pyprettifier across your stack and pipelines.
If you installed it — respond
pyprettifier is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pyprettifier was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pyprettifier before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pyprettifier on PyPI has been identified as a malicious package (versions 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-111312024-09-pyprettifierRLUA-2026-00643

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pyprettifier-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring