New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux

Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages.

This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats.

Cross-Ecosystem Typo-Squatting Campaign

The attack campaign specifically targets users of colorama, a widely-used Python package for colorizing terminal output on PyPI, and colorizr, a similar JavaScript package on NPM.

Security researchers identified multiple malicious packages uploaded to PyPI with names designed to confuse developers into accidental installation through typographic errors.

The campaign’s most unusual characteristic involves using naming conventions from the NPM ecosystem to attack PyPI users, suggesting either deliberate confusion tactics or preparation for future NPM-targeted attacks.

The malicious packages were strategically named to exploit common typing mistakes and developer assumptions about package naming conventions.

This cross-ecosystem baiting technique represents a significant evolution in supply chain attack methodologies, as threat actors traditionally focus on single-ecosystem targets.

The campaign’s scope and coordination suggest targeted adversarial activity rather than opportunistic attacks, though researchers note that clear attribution data remains unavailable.

Multi-Platform Payloads

The discovered payloads demonstrate sophisticated capabilities across both Windows and Linux environments, with common features including sensitive data exfiltration, remote access establishment, and comprehensive persistence mechanisms.

Windows-targeted variants linked to the GitHub account github.com/s7bhme employ environment variable harvesting from the Windows registry to expose potential credentials and configuration secrets.

These payloads establish persistence through Task Scheduler entries pointing to different file paths, suggesting modular deployment architectures designed for long-term compromise.

Windows payloads exhibit advanced antivirus evasion capabilities, actively checking for installed security software and modifying behavior accordingly.

Researchers observed specific anti-detection commands including “C:Program FilesWindows DefenderMpCmdRun.exe” -RemoveDefinitions -All to remove malware definitions and PowerShell commands disabling Input/Output Antivirus scanning for downloaded files.

These behaviors indicate clear adversarial intent focused on establishing persistent footholds while avoiding detection.

Linux-targeted packages including Colorizator and coloraiz contain base64-encoded payloads within src/colorizator/init.py files that initiate sophisticated infection chains.

The attack sequence involves RSA key deployment to /tmp/pub.pem, remote bash script downloads from gsocket.io/y for gs-netcat installation, and encrypted output exfiltration to Pastebin using valid developer keys.

The downloaded bash script provides comprehensive backdoor functionality including systemd persistence, shell profile injection, crontab modifications, and webhook notifications to Discord, Telegram, and custom URLs.

Initial investigation suggested unified threat actor involvement based on naming similarities and upload timing patterns, but deeper analysis reveals differences in tooling, tactics, and infrastructure that complicate attribution efforts.

Researchers cannot definitively link both Windows and Linux payload sets to a single source, suggesting potential separate campaigns exploiting similar typo-squatting tactics.

This uncertainty highlights how quickly malicious techniques proliferate within cybercrime ecosystems.

The packages have been removed from public repositories, limiting immediate damage potential, but the campaign serves as a critical reminder of sophisticated open-source supply chain threats.

Security experts recommend immediate examination of deployed application code for malicious package names, removal of any instances from private repositories, and implementation of blocking mechanisms across development environments.

Indicators of Compromise

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!