A malicious package named termncolor was found in the Python Package Index; it carries out its harmful actions through a dependency called colorinal. The malware uses a multi-stage operation to reach its goals of establishing persistence and enabling remote code execution. Once installed, termncolor imports the colorinal package, which loads a rogue DLL that handles communication with a command-and-control server. The malware runs on both Windows and Linux systems and can create registry entries so that it is executed automatically at startup.
The termncolor package and its malicious dependency colorinal highlight the increasing sophistication of attacks targeting software repositories, enabling attackers to achieve remote code execution and system persistence.
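The pattern described above (a benign-looking package that pulls in a dependency, which in turn ships and loads a native binary) can be checked for on an endpoint by inspecting installed distribution metadata. The following script is an added defender-side example and is not code from the report or from the packages it describes: it reads each distribution's METADATA and RECORD from a site-packages directory and flags distributions whose name is on a blocklist, distributions that depend on a blocklisted name, and distributions that ship .dll/.so/.pyd files. The two blocklist names come from the report; the fixture it builds (version numbers, file names, the `placeholder.dll` entry, and the unrelated `requests` distribution) is constructed here purely so the script runs offline.

```python
"""Scan a site-packages directory for the termncolor/colorinal pattern:
blocklisted names, dependencies on them, and shipped native binaries."""
from __future__ import annotations

import tempfile
from importlib import metadata
from pathlib import Path

# Names taken from the report; extend from your threat-intel feed.
BLOCKLIST = {"termncolor", "colorinal"}
NATIVE_SUFFIXES = {".dll", ".so", ".pyd", ".dylib"}


def normalize(name: str) -> str:
    """PEP 503-style normalisation so Foo_Bar and foo-bar compare equal."""
    return name.lower().replace("_", "-")


def dependency_names(dist: metadata.Distribution) -> set[str]:
    """Project names from Requires-Dist, stripped of extras, specifiers and markers."""
    names: set[str] = set()
    for req in dist.requires or []:
        head = req.split(";")[0]                      # drop environment marker
        name = head.split("[")[0].split("(")[0].split(" ")[0]
        for sep in ("<", ">", "=", "!", "~"):         # drop inline specifiers
            name = name.split(sep)[0]
        names.add(normalize(name.strip()))
    return names


def scan(site_packages: Path) -> dict[str, list[str]]:
    """Return {distribution name: [reasons]} for every suspicious distribution."""
    findings: dict[str, list[str]] = {}
    for dist in metadata.distributions(path=[str(site_packages)]):
        name = normalize(dist.metadata["Name"])
        reasons: list[str] = []
        if name in BLOCKLIST:
            reasons.append("name on blocklist")
        bad_deps = dependency_names(dist) & BLOCKLIST
        if bad_deps:
            reasons.append("depends on blocklisted " + ", ".join(sorted(bad_deps)))
        native = [str(f) for f in (dist.files or [])
                  if Path(str(f)).suffix.lower() in NATIVE_SUFFIXES]
        if native:
            reasons.append("ships native binaries: " + ", ".join(native))
        if reasons:
            findings[name] = reasons
    return findings


def build_fixture(root: Path) -> None:
    """Constructed sample site-packages (fake dist-info dirs, not real packages)."""
    def add(name: str, version: str, requires=(), files=()) -> None:
        info = root / f"{name}-{version}.dist-info"
        info.mkdir(parents=True)
        meta = ["Metadata-Version: 2.1", f"Name: {name}", f"Version: {version}"]
        meta += [f"Requires-Dist: {r}" for r in requires]
        (info / "METADATA").write_text("\n".join(meta) + "\n")
        record = [f"{p},," for p in files] + [f"{info.name}/METADATA,,"]
        (info / "RECORD").write_text("\n".join(record) + "\n")

    # Assumed layout: top-level package depends on the loader package,
    # which ships a native binary (placeholder name, not the real DLL).
    add("termncolor", "0.1.0", requires=["colorinal"],
        files=["termncolor/__init__.py"])
    add("colorinal", "0.1.0",
        files=["colorinal/__init__.py", "colorinal/placeholder.dll"])
    # Pure-Python control case that must not be flagged.
    add("requests", "2.31.0", requires=["urllib3 (>=1.21.1)"],
        files=["requests/__init__.py"])


def run_demo() -> dict[str, list[str]]:
    """Build the constructed fixture in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_fixture(root)
        return scan(root)


if __name__ == "__main__":
    for dist_name, why in sorted(run_demo().items()):
        print(f"{dist_name}: {'; '.join(why)}")
```

On a real host, call `scan(Path(site.getsitepackages()[0]))` (or the virtualenv's site-packages) instead of the fixture. The native-binary check is a triage signal rather than a verdict: legitimate compiled packages ship `.pyd`/`.so` files too, so the useful case is a distribution with no build tooling in its metadata that nonetheless carries a loader binary, as the report describes for colorinal.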