Cybersecurity researchers have uncovered malicious packages in the PyPI and npm repositories that were used in supply chain attacks, enabling remote code execution and data theft. These threats abuse the trust placed in open-source ecosystems and underline the importance of vigilance in dependency management. #PyPI #npm #SupplyChainAttacks
Key points
- A malicious Python package named termncolor was used to initiate a multi-stage malware operation via a dependency called colorinal.
- The malware achieves persistence and remote command-and-control capabilities through DLL side-loading and registry modifications.
- Infections can target both Windows and Linux systems, deploying different payloads to harvest system data.
- Several compromised npm packages were used in phishing campaigns to steal credentials and facilitate cryptocurrency mining.
- Automated dependency-update tools, such as Dependabot, can inadvertently pull a compromised package version into a software supply chain.
Read More: https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html