Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency and can establish persistence and achieve code execution.
The package, named termncolor, realizes its malicious functionality through a dependency package called colorinal. According to Zscaler ThreatLabz, the multi-stage malware operation led colorinal to attract 529 downloads, while termncolor was downloaded 355 times. Both libraries are no longer available on PyPI.
“This attack could leverage DLL side-loading to facilitate decryption, establish persistence, implement command-and-control (C2) communication, and end with remote code execution,” said researchers Manisha Ramcharan Prajapati and Satyam Singh.
Once installed and run, termncolor is designed to import colorinal, which loads a rogue DLL responsible for decrypting and running the next-stage payload.
Specifically, the payload unpacks a legitimate binary, “vcpktsvr.exe”, and a DLL called “libcef.dll” that is launched using DLL side-loading. The DLL, for its part, collects system information and communicates with the C2 server using Zulip, an open source chat application, to hide its activity.
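The attack above only works because a package the user asked for quietly pulls in one they did not. The following added example (not Zscaler's code and not from the article) shows one way a defender can make that visible before installing: it parses the JSON that `pip install --dry-run --report <file> <package>` writes (pip 22.2 and later), rebuilds the dependency graph, and attributes every package the user did not request to the chain that introduced it. The report embedded below is constructed to mirror the termncolor/colorinal case; the `requires_dist` strings and versions are sample values, not data from the page.

```python
"""Trace which requested package pulled an unexpected dependency into a pip install.

Added example, not Zscaler's or the article's code. Input is a pip installation
report (`pip install --dry-run --report out.json <pkg>`); only the fields read
here are included in the constructed sample below.
"""
import json
import re
from collections import deque

# Constructed sample report: what a dry-run report for `termncolor` might look like.
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "install": [
        {"requested": True,
         "metadata": {"name": "termncolor", "version": "1.0.0",
                      "requires_dist": ["colorinal>=1.0",
                                        "colorama; sys_platform == 'win32'"]}},
        {"requested": False,
         "metadata": {"name": "colorinal", "version": "1.0.0",
                      "requires_dist": []}},
        {"requested": False,
         "metadata": {"name": "colorama", "version": "0.4.6",
                      "requires_dist": None}},
    ],
})

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(spec: str) -> str:
    """Extract the distribution name from a requires_dist string such as
    "colorinal>=1.0; python_version >= '3'" (markers and specifiers dropped)."""
    m = _NAME_RE.match(spec)
    if not m:
        raise ValueError(f"unparseable requirement: {spec!r}")
    return normalize(m.group(1))


def build_graph(report_json: str):
    """Return (graph, requested): graph maps each package to the packages it
    requires; requested holds the packages the user explicitly asked for."""
    report = json.loads(report_json)
    graph, requested = {}, set()
    for item in report["install"]:
        meta = item["metadata"]
        name = normalize(meta["name"])
        graph[name] = [requirement_name(r) for r in (meta.get("requires_dist") or [])]
        if item.get("requested"):
            requested.add(name)
    return graph, requested


def dependency_paths(graph, root, target):
    """Breadth-first search for every path root -> ... -> target, so a reviewer
    sees exactly which declaration introduced `target`. Cycles are skipped."""
    root, target = normalize(root), normalize(target)
    paths, queue = [], deque([[root]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == target and len(path) > 1:
            paths.append(path)
            continue
        for dep in graph.get(node, []):
            if dep not in path:  # guard against dependency cycles
                queue.append(path + [dep])
    return paths


def unrequested_packages(report_json: str):
    """Every package the install would add that the user did not ask for, mapped
    to the chain(s) that pull it in. Reviewing this list before installing is
    where a dependency like colorinal stops being invisible."""
    graph, requested = build_graph(report_json)
    result = {}
    for pkg in graph:
        if pkg in requested:
            continue
        chains = [p for r in requested for p in dependency_paths(graph, r, pkg)]
        result[pkg] = [" -> ".join(c) for c in chains]
    return result


if __name__ == "__main__":
    for pkg, chains in unrequested_packages(SAMPLE_REPORT).items():
        print(f"{pkg}: pulled in via {chains}")
```

Run it against a real report by replacing `SAMPLE_REPORT` with the file pip wrote; anything listed that you cannot explain from the package's documentation deserves a look at its source before the install proceeds.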
“Persistence is achieved by creating a registry entry under the Windows Run key to ensure that the malware runs automatically at system startup,” Zscaler said.
The malware can also infect Linux systems: the Python library unlocks the same functionality by dropping a shared object file called “terminate.so”.
Further analysis of threat actors’ Zulip activities revealed three active users within the created organization, exchanging a total of 90,692 messages within the platform. The malware author is believed to have been active since July 10th, 2025.
“The termncolor package and its malicious dependency colorinal underscore the importance of monitoring the open-source ecosystem for potential supply chain attacks,” the company said.
The disclosure comes as SlowMist revealed that threat actors are targeting developers under the guise of job assessments, using cloned GitHub repositories containing booby-trapped npm packages that can harvest iCloud Keychain, web browser, and cryptocurrency wallet data.

The npm packages are designed to download and run Python scripts that capture system information, scan the file system for sensitive files, steal credentials, log keystrokes, take screenshots, and monitor clipboard contents.
The identified packages, which have since been removed from npm, are listed below –
- redux-ace (163 downloads)
- rtk-logger (394 downloads)
In recent months, malicious npm packages targeting the cybersecurity community have been discovered that facilitate data theft and cryptocurrency mining through dependency packages, exfiltrating information from infected systems via legitimate services such as Dropbox.
Datadog researchers Christophe Tafani-Dereeper and Matt Muir said these packages are distributed to targets under the guise of proof-of-concept (PoC) code for security flaws or kernel patches that provide performance improvements. The activity is attributed to a threat actor that Datadog tracks as MUT-1244.
The development also follows a ReversingLabs report that identifies the risks associated with automated dependency upgrades, especially when compromised projects are used in thousands of other projects, thereby amplifying software supply chain risk.
This is exemplified by the recent compromise of the eslint-config-prettier npm package via a phishing attack that allowed unnamed attackers to push directly to the npm registry without a corresponding commit or pull request on the GitHub repository.
The software supply chain security company found that over 14,000 packages declare eslint-config-prettier as a direct dependency.

“Because this is a configuration for a development tool used to format code, we expect it to be declared as a developer dependency across the packages that use it. Therefore, it should not be automatically installed when the npm install command is executed, in the way a regular dependency would be.
“Automated version control tools like Dependabot are designed to remove the risk of dependencies that have security issues in the codebase, but (…) ironically, they introduce even bigger security issues like malicious compromises.”
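Two things in the ReversingLabs remarks are checkable mechanically in a project's own manifest: whether developer tooling such as eslint-config-prettier sits in `dependencies` (where every downstream `npm install` resolves it) instead of `devDependencies`, and whether version ranges are floating, which is what lets an automated upgrade pull a newly published version in without review. The following is an added example, not ReversingLabs' code; the dev-tool name patterns are an assumed heuristic and the package.json it reads is constructed, with sample version strings that are not from the page.

```python
"""Audit a package.json for misplaced dev tooling and floating version ranges.

Added example, not ReversingLabs' code. The name patterns are an assumed
heuristic for packages that are almost always lint/format/test tooling; the
manifest below is constructed for the demonstration.
"""
import json
import re

# Assumed heuristic list of tooling that belongs in devDependencies.
DEV_TOOL_PATTERNS = [
    r"^eslint$", r"^eslint-config-", r"^eslint-plugin-", r"^prettier$",
    r"^@types/", r"^typescript$", r"^jest$", r"^vitest$", r"^mocha$",
]

# Exact semver (no ^, ~, *, x, ranges or tags): the only form an automated
# bump cannot silently widen.
_EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")

# Constructed sample manifest; version strings are placeholders.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "version": "1.0.0",
    "dependencies": {
        "express": "^4.0.0",
        "lodash": "4.17.21",
        "eslint-config-prettier": "^9.0.0",
    },
    "devDependencies": {
        "prettier": "^3.0.0",
        "@types/node": "^20.0.0",
    },
})


def is_dev_tool(name: str) -> bool:
    """True when the package name matches one of the assumed tooling patterns."""
    return any(re.search(p, name) for p in DEV_TOOL_PATTERNS)


def misplaced_dev_tools(package_json_text: str):
    """Tooling declared under `dependencies`, i.e. installed for every consumer
    of this package rather than only for its developers."""
    manifest = json.loads(package_json_text)
    return sorted(n for n in manifest.get("dependencies", {}) if is_dev_tool(n))


def floating_ranges(package_json_text: str):
    """Declared packages whose range is not an exact version, in either section.
    These are the entries an automated upgrade can move to a version nobody
    reviewed unless a lockfile is committed and honoured (`npm ci`)."""
    manifest = json.loads(package_json_text)
    found = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not _EXACT_VERSION_RE.match(spec.strip()):
                found.append(name)
    return sorted(found)


def exposure_summary(package_json_text: str):
    """One report: what consumers get, what stays local, and the two findings."""
    manifest = json.loads(package_json_text)
    return {
        "installed_by_consumers": sorted(manifest.get("dependencies", {})),
        "dev_only": sorted(manifest.get("devDependencies", {})),
        "misplaced_dev_tools": misplaced_dev_tools(package_json_text),
        "floating_ranges": floating_ranges(package_json_text),
    }


if __name__ == "__main__":
    print(json.dumps(exposure_summary(SAMPLE_PACKAGE_JSON), indent=2))
```

A floating range is not a defect on its own; the point of listing them is to pair the list with a committed lockfile and a review step for bot-generated upgrade pull requests, so that a registry-side publish with no matching commit, as in the eslint-config-prettier case, does not reach a build unexamined.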