2025-08-19

Malicious PyPI and npm packages that abuse dependency relationships are increasingly being used by threat actors to conduct supply chain intrusions, The Hacker News reports.
Attackers uploaded the malicious PyPI package 'termncolor', which, when installed and executed, imports the 'colorinal' dependency; that dependency performs the rogue DLL loading used to decrypt and run the next-stage payload, according to an analysis by Zscaler ThreatLabz. That payload drops a binary and a DLL, with the DLL handling system data collection and communication with the C2 server. "The termncolor package and its malicious dependency colorinal highlight the importance of monitoring open-source ecosystems for potential supply chain attacks," said researchers.

A separate report from SlowMist revealed the malicious npm packages 'redux-ace' and 'rtk-logger', distributed through job-assessment lures, which compromise browser and cryptocurrency data as well as the iCloud Keychain, and then deploy Python scripts for keylogging, screenshot capture, and file exfiltration. All of the packages have since been removed from their respective repositories.
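The termncolor case shows why a review that only reads a project's own requirements list is not enough: the malicious code lived in a transitive dependency that the top-level package pulled in. The following is an added example written for this page, not code from The Hacker News, Zscaler, or SlowMist. It walks a resolved dependency graph and reports every watchlisted package together with the chain of parents that introduced it. The dependency graph and the package names other than the four named in the report (myapp, requests, urllib3, certifi) are constructed for illustration; the optional `installed_graph` helper reads the same kind of graph from a real environment via `importlib.metadata`.

```python
"""Audit a resolved Python dependency tree for watchlisted package names.

Added example for this article (not the researchers' code). The watchlist
holds the four package names the article reports; everything else in
SAMPLE_GRAPH is constructed sample data.
"""
import re
from importlib.metadata import distributions
from typing import Dict, Iterable, List, Set

# Package names the article reports as malicious (PyPI and npm).
WATCHLIST: Set[str] = {"termncolor", "colorinal", "redux-ace", "rtk-logger"}

# Constructed dependency graph: distribution -> distributions it requires,
# i.e. what pip resolves from each package's Requires-Dist metadata.
# 'requests', 'urllib3' and 'certifi' stand in for ordinary benign packages.
SAMPLE_GRAPH: Dict[str, List[str]] = {
    "myapp": ["requests", "termncolor"],
    "requests": ["urllib3", "certifi"],
    "urllib3": [],
    "certifi": [],
    "termncolor": ["colorinal"],   # the hidden hop described in the article
    "colorinal": [],
}

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. -> '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def direct_check(requirements: Iterable[str], watchlist: Set[str] = WATCHLIST) -> Set[str]:
    """The naive check: flag only names listed directly in requirements."""
    wl = {normalize(n) for n in watchlist}
    return {normalize(r) for r in requirements if normalize(r) in wl}


def find_flagged(graph: Dict[str, List[str]], roots: Iterable[str],
                 watchlist: Set[str] = WATCHLIST) -> Dict[str, List[str]]:
    """Return {flagged_package: [root, ..., flagged_package]} for every
    watchlisted name reachable from `roots` through transitive requirements.
    The recorded path is the first chain found, so a reviewer can see which
    top-level package pulled the flagged one in."""
    wl = {normalize(n) for n in watchlist}
    g = {normalize(k): [normalize(d) for d in v] for k, v in graph.items()}
    findings: Dict[str, List[str]] = {}
    seen: Set[str] = set()
    stack = [(normalize(r), [normalize(r)]) for r in roots]
    while stack:
        pkg, path = stack.pop()
        if pkg in wl:
            findings.setdefault(pkg, path)
        if pkg in seen:          # cycles and shared deps are visited once
            continue
        seen.add(pkg)
        for dep in g.get(pkg, []):
            stack.append((dep, path + [dep]))
    return findings


def installed_graph() -> Dict[str, List[str]]:
    """Build the same kind of graph from the current environment's metadata.
    Extras and environment markers are ignored on purpose, so the graph
    over-approximates: a package is never dropped from review because of a
    marker that happens not to apply on this machine."""
    graph: Dict[str, List[str]] = {}
    for dist in distributions():
        name = normalize(dist.metadata["Name"])
        deps = []
        for req in dist.requires or []:
            m = _NAME_RE.match(req)
            if m:
                deps.append(normalize(m.group(1)))
        graph[name] = deps
    return graph


if __name__ == "__main__":
    roots = ["myapp"]
    print("direct-only check flags:", direct_check(SAMPLE_GRAPH["myapp"]))
    for pkg, chain in find_flagged(SAMPLE_GRAPH, roots).items():
        print(f"flagged {pkg}: pulled in via {' -> '.join(chain)}")
```

On the constructed graph the direct check reports only termncolor, while the transitive walk also reports colorinal with the chain myapp -> termncolor -> colorinal. To run the same audit against a real environment, pass `installed_graph()` and the project's top-level distribution names as `roots`; keep the walk over-approximating (no marker evaluation) so that a conditional dependency is never silently excluded from review.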
