Which versions of tablates are malicious?

The following PyPI versions of tablates are flagged malicious: 1.0.1, 1.0.3. Treat any of these as compromised.

How do I remediate tablates if I installed it?

tablates is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed tablates — how do I know if it already compromised me?

If tablates was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is tablates part of a known attack campaign?

Yes — tablates is associated with the 2025-11-spellcheckers, RLMA-2025-06593, RLUA-2026-00799 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find tablates across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for tablates (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging tablates across your stack and pipelines.

Malicious package

tablatesPyPI

Malicious code in tablates (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-191534

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall tablates

What this malware does

This package is malicious and typosquating the legitimate pyspellchecker library. This package will deploy a remote-access trojan that allows the attacker full control of the victim's host.

Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in background periodically connects to a remote host and waits for next code to execute

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-spellcheckers

Reasons (based on the campaign):

obfuscation
Downloads and executes a remote malicious script.
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

Malicious versions

2 flagged

1.0.11.0.3

Indicators of compromise (SHA-256)

56df7571e75ad7e85850f9a34bb482f19466af4481db56951ffba42475a4238d

e2d2bba3d148ff20cb8a3813aafcf025ae28c5dc259bbdc403d6aa874167bdff

a08f9f271e62949f07029e8c2dc7c8904e7272750fe9789442d4549be52c639f

61a3bce8b99fd58c2aeb2cae49156f70bbfbc071574cbcef5ec0440cd8ea0a61

f01b93e7959667d43b7e5860ef63c296ddbc6f5adaf644f473ef99d28dce1c4a

9e6d1304ad201dddf20f3869ee10e653e8389ac7a500160758740158f9724ee2

04a653711d902687630df4827673258af140c39785c030df2c7d28387e6162f0

70220451336c68557a3d1f087e22c334b3c1ac098bf97e11b6582b5b2f6dcbe3

dc607c2749706dc9a13004fdbfc21d6d6bcb3801ed320e72c721268e966813a2

ae906a1b0e97aefa5013f928dfc5afb04842f85d00780987f9899f6485a83dd4

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for tablates (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging tablates across your stack and pipelines.
If you installed it — respond
tablates is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If tablates was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks tablates before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. tablates on PyPI has been identified as a malicious package (versions 1.0.1, 1.0.3 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2025-11-spellcheckersRLMA-2025-06593RLUA-2026-00799

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks tablates-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring