Attackers Launch New PyPI Supply Chain Attacks on Python and NPM Users Across Windows and Linux

In a sophisticated new supply chain attack, threat actors have leveraged both Python’s PyPI and JavaScript’s NPM ecosystems to target developers and administrators on Windows and Linux platforms.

Discovered by researcher Ariel Harush, this campaign deploys typo-squatting and cross ecosystem name confusion techniques that not only trick developers but also bypass many conventional security controls.

Cross-Ecosystem Confusion: How the Attack Works

At the heart of the campaign are malicious packages uploaded to PyPI, each bearing names nearly identical to legitimate and widely-used libraries: Python’s colorama and JavaScript’s colorizr.

But what sets this campaign apart is the attackers’ creative ploy of using NPM-based naming conventions for fake Python packages, blurring the lines of trust between ecosystems and maximizing the chances of accidental downloads.

Example of Typo-Squatting:

Once installed, these packages execute platform-specific payloads designed to steal sensitive information and establish persistent remote access.

Windows Payloads: Evasion and Long-Term Access

Upon execution on Windows systems, malicious packages fetch executable payloads housed on GitHub (github.com/s7bhme), and immediately set out to establish persistence and evade security solutions. The process includes:

• Harvesting Environment Variables: Directly reads from the Windows registry, exposing environment-based secrets.
• Persistence via Scheduled Tasks: Deploys multiple scheduled tasks, each pointing to distinct payloads for modular attack capability.

Task Scheduler Creation Example (Pseudo):

powershell$action = New-ScheduledTaskAction -Execute 'C:\path\to\payload.exe'
Register-ScheduledTask -TaskName "ColoramaUpdate" -Action $action -Trigger (New-ScheduledTaskTrigger -AtStartup)

• Antivirus Tampering: The malware actively disables Windows Defender using commands such as:text"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All powershell.exe Set-MpPreference -DisableIOAVProtection $true

Linux Payloads: Advanced Backdoors and Data Exfiltration

On Linux, the Colorizator and coloraiz packages deliver base64-encoded payloads within src/colorizator/__init__.py. Once decoded, these initiate a multi-stage infection process:

1. RSA Key Drop: Places a public key in /tmp/pub.pem for encrypting output.
2. Remote Bash Download: Fetches and runs a script from gsocket[.]io/y to install gs-netcat, enabling encrypted reverse shells.
3. Data Exfiltration: Encrypts output with RSA, encodes it in base64, and uploads to Pastebin using API keys for stealthy exfiltration.
4. Cleanup: Erases all temporary files to hide traces.

Sample Python Implant (Simplified):

pythonimport base64, subprocess

payload = "c2NyaXB0IGNvbnRlbnQgdG8gZG93bmxvYWQK..."
exec(base64.b64decode(payload))

The bash script fetched is a potent stealth toolkit—it masquerades as kernel processes, alters startup scripts (systemd, crontab, rc.local), and connects to external C2s via gs-netcat, sometimes dropping notifications to Discord or Telegram webhooks.

Indicators of Compromise and Defensive Guidance

Key IoCs:

• GitHub: github.com/s7bhme
• Webhook exfiltration: webhook.site/dc3c1af9-ea3d-4401-9158-eb6dda735276
• Malicious File Hashes:
  • Linux: d30c78c64985...5bd429252e4612
  • Windows: daef5255eac4...371b9d18df3b47f
• Known Bad Package Owners: rick_grimes, morty_smith, reven, m5tl, dsss

This attack campaign highlights the increasing creativity and technical skill involved in open-source software supply chain threats. By leveraging typo-squatting across ecosystems and deploying advanced, multi-platform payloads, attackers have raised the bar for automated detection and developer vigilance. While the identified packages have been removed, organizations must:

• Scrutinize dependencies for typos and off-brand package names.
• Monitor endpoints for IoCs and strange startup tasks.
• Educate developers about the dangers of “pip install” without verification.