Hackread reports that Windows and Linux systems have been targeted by a pair of backdoored Python Package Index packages in a new attack campaign: one masquerading as the widely used Python tool colorama, the other borrowing the name of colorizr, a similar package that exists on npm rather than PyPI.
The packages, which have since been removed from PyPI, carried payloads that gave attackers remote access to and control over targeted desktops and servers: on Windows the malware evaded antivirus tools, while on Linux it established encrypted connections, exfiltrated data, and set up persistence, according to an analysis from Checkmarx Zero. "By combining typo-squatting and related name confusion attacks, cross-ecosystem baiting, and multi-platform payloads, this attack serves as a reminder of how opportunistic and sophisticated open-source supply chain threats have become," said the researchers, who recommended closer monitoring for malicious packages both in the dependencies of active applications and in private package repositories.
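One concrete form the recommended monitoring can take is a dependency audit that flags exact npm names and near-misses of known package names before a requirements file is installed. The script below is an added example written for this page, not code from Checkmarx Zero, Hackread, or either package; the allowlists, the requirements lines, and the lookalike name "colorrama" are constructed for illustration and are not packages reported in the campaign.

```python
import difflib
import re

# Constructed allowlists for the example. In practice these would be the
# packages your organization has approved, plus a list of popular names from
# other ecosystems to catch cross-ecosystem baiting (an npm name on PyPI).
KNOWN_PYPI = {"colorama", "requests", "urllib3", "numpy"}
KNOWN_NPM = {"colorizr", "chalk", "lodash"}

# Constructed requirements.txt content; "colorrama" is a made-up lookalike.
SAMPLE_REQUIREMENTS = """\
# constructed sample input
colorama==0.4.6
requests>=2.0
colorizr          # an npm name showing up in a Python requirements file
colorrama         # one-character lookalike of colorama
foo-bar
"""


def normalize(name):
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return the bare project names from requirements.txt-style lines."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and -r/-e options
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(m.group(1))
    return names


def lookalike_score(a, b):
    """Similarity in [0, 1]; 1.0 means identical strings."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def classify(name, threshold=0.8):
    """Label a requested name as known, cross-ecosystem, lookalike, or unknown.

    Returns (label, reference_name); reference_name is the known package the
    request matched or resembles, or None for unknown names.
    """
    n = normalize(name)
    if n in KNOWN_PYPI:
        return ("known", n)
    if n in KNOWN_NPM:
        # Exact npm package name requested from PyPI: the bait pattern above.
        return ("cross-ecosystem", n)
    candidates = KNOWN_PYPI | KNOWN_NPM
    best = max(candidates, key=lambda k: lookalike_score(n, k))
    if lookalike_score(n, best) >= threshold:
        return ("lookalike", best)
    return ("unknown", None)


def audit(text, threshold=0.8):
    """Classify every name in a requirements file; returns (name, label, ref) tuples."""
    return [(name, *classify(name, threshold)) for name in parse_requirements(text)]


if __name__ == "__main__":
    for name, label, ref in audit(SAMPLE_REQUIREMENTS):
        print(f"{name:12} {label:16} {ref or ''}")
```

Anything labelled `cross-ecosystem` or `lookalike` should block the install until a human confirms the package is the intended one; `unknown` names are worth a review of the project page and publisher before they are added to the allowlist. The similarity threshold is a tuning knob: lower it and short names start colliding with each other, raise it and two-character edits slip through.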