
"The termncolor package and its malicious dependency colorinal highlight the increasing sophistication of attacks targeting software repositories, enabling attackers to achieve remote code execution and system persistence."
A malicious package named termncolor was found in the Python Package Index, designed to execute harmful actions through a dependency called colorinal. The malware operates in multiple stages to achieve its goals, which include establishing persistence and enabling remote code execution. Once installed, termncolor imports the colorinal package, which loads a rogue DLL, facilitating communication with a command-and-control server. The malware can run on both Windows and Linux systems, and it can create registry entries for auto-execution at startup.
Read at The Hacker News