Hackread reports that Windows and Linux systems have been targeted for compromise by a pair of backdoored Python Package Index packages, with the first masquerading as the widely used Python tool colorama and the other spoofing a similar package on NPM colorizr, as part of a new attack campaign.Included in the packages, which have since been removed from PyPI, were payloads that facilitated remote access and control on targeted desktops and servers, with the malware evading antivirus tools on Windows systems and enabling encrypted connections, data exfiltration, and persistence on Linux systems, an analysis from Checkmarx Zero showed. "By combining typo-squatting and related name confusion attacks, cross-ecosystem baiting, and multi-platform payloads, this attack serves as a reminder of how opportunistic and sophisticated open-source supply chain threats have become," said researchers, who recommended the increased monitoring of malicious packages in active application codes, as well as private software storage.
Supply chain, Malware, Threat Intelligence
Malicious PyPI packages aim to backdoor Windows, Linux systems

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



