This is an advisory for a malicious package.
We recommend immediate removal of malicious versions of this package. Safety Firewall is actively blocking installation and will help you identify any existing installations of the package.
PyPI: tui-ascii-art
SFTY-20260320-09877
--- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (4358458e150317ab394c6dd2d0137a8c395a32bae309cc1bfd829f123dab1393) These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious action between dependencies and are not malicious alone, but are used together to: exfiltrate information through DNS, collect information about the processes and covering tracks by installing packages from local private repositories. Package nspack additionally notifies upon importing a domain known for malicious activity with the package and hostname. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-geekennedy Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - The malicious code is intentionally included in a dependency of the package
Overview
Malicious code in tui-ascii-art (PyPI)
Advisory
Malicious code in tui-ascii-art (PyPI)
How to Fix
We recommend updating tui-ascii-art to the latest non-vulnerable version.
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more