CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks

First reported
Last updated
πŸ“° 2 unique sources, 4 articles

Summary

Hide β–²

Cybersecurity researchers have identified malicious packages in the Python Package Index (PyPI) and npm repositories that exploit dependencies to execute supply chain attacks. The PyPI package termncolor, with 355 downloads, and its dependency colorinal, with 529 downloads, were found to perform DLL side-loading to achieve persistence and remote code execution. The malware can infect both Windows and Linux systems. Additionally, npm packages were discovered to harvest sensitive data, including iCloud Keychain, web browser, and cryptocurrency wallet information. The attacks highlight the risks associated with automated dependency upgrades and the importance of monitoring open-source ecosystems for potential threats. In a recent supply chain attack, attackers injected malware into npm packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. The attack impacted roughly 10% of all cloud environments. The malware operates by injecting itself into the web browser, monitoring cryptocurrency transactions, and redirecting them to attacker-controlled wallet addresses. The compromised packages include debug, chalk, and ansi-styles, among others. The impact of the attack is limited to fresh installs between ~9 AM and ~11.30 AM ET on September 8, 2025, when the packages were compromised. This attack follows a series of similar incidents targeting JavaScript libraries, highlighting the ongoing threat to the open-source ecosystem.

Timeline

  1. 08.09.2025 19:47 πŸ“° 3 articles

    Supply Chain Attack on npm Packages with 2.6 Billion Weekly Downloads

    Attackers injected malware into npm packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. The malware operates by injecting itself into the web browser, monitoring cryptocurrency transactions, and redirecting them to attacker-controlled wallet addresses. The compromised packages include debug, chalk, and ansi-styles, among others. The impact of the attack is limited to fresh installs between ~9 AM and ~11.30 AM ET on September 8, 2025, when the packages were compromised. This attack follows a series of similar incidents targeting JavaScript libraries, highlighting the ongoing threat to the open-source ecosystem. The maintainer's account was compromised through a phishing attack, which mimicked an npm support email. The phishing attack prompted the maintainer to enter their username, password, and 2FA token. The compromised packages include ansi-regex, ansi-styles, backslash, chalk, chalk-template, color-convert, color-name, color-string, debug, error-ex, has-ansi, is-arrayish, proto-tinker-wc, supports-hyperlinks, simple-swizzle, slice-ansi, strip-ansi, supports-color, supports-hyperlinks, wrap-ansi. The malware intercepts cryptocurrency transaction requests and swaps the destination wallet address with an attacker-controlled wallet. The payload acts as a browser-based interceptor that hijacks network traffic and application APIs to steal cryptocurrency assets. The attack targeted end users with connected wallets who visit a site that includes the compromised code. The attack also compromised another high-profile maintainer, duckdb_admin, to distribute the same wallet-drainer malware. The affected packages include @coveops/abi, @duckdb/duckdb-wasm, @duckdb/node-api, @duckdb/node-bindings, duckdb, prebid, prebid-universal-creative. The attack impacted roughly 10% of all cloud environments. The compromised packages were removed within two hours. The attack targeted browser environments, hooking Ethereum and Solana signing requests. The attackers made less than $1,000. The attackers' wallet addresses have been flagged, limiting their ability to use the funds.

    Show sources
    Open in new tab
  2. 18.08.2025 13:56 πŸ“° 1 articles

    Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks

    Cybersecurity researchers have identified malicious packages in the Python Package Index (PyPI) and npm repositories that exploit dependencies to execute supply chain attacks. The PyPI package termncolor, with 355 downloads, and its dependency colorinal, with 529 downloads, were found to perform DLL side-loading to achieve persistence and remote code execution. The malware can infect both Windows and Linux systems. Additionally, npm packages were discovered to harvest sensitive data, including iCloud Keychain, web browser, and cryptocurrency wallet information.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

HybridPetya Ransomware Bypasses UEFI Secure Boot via CVE-2024-7344

A new ransomware strain, HybridPetya, has been discovered. It resembles the Petya/NotPetya malware and can bypass UEFI Secure Boot using the CVE-2024-7344 vulnerability. HybridPetya encrypts the Master File Table (MFT) on NTFS-formatted partitions and installs a malicious EFI application on the EFI System Partition. The ransomware has two main components: a bootkit and an installer. The bootkit handles encryption and decryption processes, displaying fake CHKDSK messages to deceive victims. The ransom note demands $1,000 in Bitcoin, with a wallet receiving $183.32 between February and May 2025. HybridPetya exploits a remote code execution vulnerability in the Howyar Reloader UEFI application, allowing it to bypass Secure Boot. The variant uses a specially crafted file named 'cloak.dat' to load the bootkit binary. Microsoft revoked the vulnerable binary in January 2025. ESET's telemetry data indicates no evidence of HybridPetya being used in the wild, suggesting it may be a proof-of-concept (PoC). The ransomware incorporates characteristics from both Petya and NotPetya, including the visual style and attack chain. It drops several files into the EFI System Partition, including configuration, validation, and encryption progress tracking files. The ransom note provides a 32-character key for decryption and system restoration upon payment. Indicators of compromise for HybridPetya are available on a GitHub repository. Microsoft fixed CVE-2024-7344 with the January 2025 Patch Tuesday updates.

Open in new tab

ChillyHell macOS Backdoor Resurfaces with New Capabilities

The ChillyHell macOS backdoor malware, initially observed in 2022, has resurfaced with a new version. This modular backdoor allows attackers remote access and the ability to drop payloads, brute-force passwords, and evade detection. The malware, disguised as an executable applet, was discovered on VirusTotal and had been publicly hosted on Dropbox since 2021. The malware employs multiple persistence mechanisms and communicates over various protocols, making it highly flexible. It can exfiltrate data, drop additional payloads, and enumerate user accounts. Apple has revoked the notarization of the developer certificates associated with the malware. The resurgence of ChillyHell highlights the increasing threat landscape for macOS, emphasizing the need for robust security measures. A new Go-based remote access trojan (RAT) named ZynorRAT has been discovered, targeting Windows and Linux systems. ZynorRAT uses a Telegram bot for command and control and supports a wide range of functions, including file exfiltration and system enumeration.

Open in new tab

APT41 Targets U.S. Trade Officials in Cyber Espionage Campaign

The House Select Committee on China has issued a warning about ongoing cyber espionage campaigns by China-linked APT41 targeting U.S. trade officials and related organizations. The attacks involve phishing emails impersonating U.S. officials to steal sensitive information. The campaign coincides with contentious U.S.-China trade negotiations. The threat actors exploit software and cloud services to cover their tracks. The attacks aim to steal valuable data and gain unauthorized access to systems. The committee has noted similar tactics used in previous campaigns, including a January 2025 spear-phishing attempt targeting committee staffers. The FBI is investigating the ongoing cyber espionage campaign. APT41 has been known to conduct financially motivated activities in addition to state-sponsored espionage. The group has targeted various sectors, including logistics, utilities, healthcare, high-tech, and telecommunications. The committee recommends user awareness phishing training, mandatory multifactor authentication, FIDO keys, and appropriate email gateway and endpoint security tools to mitigate such attacks.

Open in new tab

TOR-based Cryptojacking Campaign Targets Misconfigured Docker APIs

A new variant of a TOR-based cryptojacking campaign targets misconfigured Docker APIs to propagate malware. The attack chain involves exploiting exposed Docker instances to deploy XMRig miners and reconnaissance tools. The malware also scans for additional ports and attempts to propagate via Telnet and Chromium remote debugging ports. The campaign may be setting up a complex botnet. The attack leverages Base64-encoded payloads and TOR domains for anonymity. It includes a dropper written in Go that parses user login information and uses Masscan for further propagation. The malware's source code includes an emoji, suggesting it may have been crafted using a large language model (LLM). The attackers mount the host root to the fresh container, allowing them to manipulate the host system and escape the container. The attackers modify the SSH configuration of the host system to elevate privileges and provide backdoor access. The attackers create a cron job that executes every minute to block access to the Docker API’s port 2375, denying other attackers future access to the exposed instance. The threat actors deploy tools to perform mass scans for other open 2375 ports, which are used for malware propagation through the creation of new containers using the identified exposed APIs. The malware installs curl and tor, launches a Tor daemon, and waits for confirmation of the connection by accessing Amazon's checkip.amazonaws.com service over a SOCKS5 proxy. The malware appends an attacker-controlled public key to /root/.ssh/authorized_keys on the mounted host filesystem to enable persistent SSH access. The malware writes a base64-encoded cron job on the host, which executes every minute and blocks external access to port 2375 using available firewall utilities. The malware downloads a Zstandard-compressed Go binary over Tor, decompresses it, and runs it as a dropper. The Go binary parses the host’s utmp file to identify logged-in users. The malware attempts to infect other exposed Docker APIs and removes competitor containers after gaining access. The malware includes inactive logic for exploiting Telnet (port 23) using default router credentials and for interacting with Chrome’s remote debugging interface (port 9222). The malware's behavior suggests it is an initial version of a complex botnet with capabilities for lateral movement, persistence, and potential future expansion for credential theft and browser hijacking. The campaign highlights the importance of securing Docker APIs and segmenting networks to prevent such attacks.

Open in new tab

MostereRAT Malware Disables Security Tools, Targets Japanese Windows Users

A new malware campaign, tracked as MostereRAT, targets Japanese Windows users with sophisticated evasion techniques. MostereRAT disables antivirus and endpoint defenses, uses an obscure programming language, and abuses legitimate remote access tools to maintain persistent control over compromised systems. The malware's capabilities include privilege escalation, keylogging, data exfiltration, and the creation of hidden administrator accounts. The campaign's long-term objectives and the full extent of its impact remain unclear. MostereRAT employs Easy Programming Language (EPL) to evade detection and uses Windows Filtering Platform (WFP) filters to block security telemetry. The malware deploys legitimate remote access tools like AnyDesk, TigerVNC, and TightVNC, making it difficult to detect. The campaign highlights the importance of removing local administrator privileges and blocking unapproved remote access tools to reduce the attack surface. The malware uses mutual TLS (mTLS) to secure command-and-control (C2) communications and can run as TrustedInstaller, a built-in Windows system account with elevated permissions. MostereRAT can monitor foreground window activity associated with Qianniu - Alibaba's Seller Tool, facilitate RDP logins, and create hidden administrator accounts.

Open in new tab