According to Checkmarx, a duplicate of a widely used application infected several Python developers, including the maintainer of Top.gg, with information-stealing malware subsequent to downloading it.
Colorama, a software that lets ANSI escape character sequences operate on Windows, has over 150 million monthly downloads. To launch their supply chain attack, the hackers cloned the program, injected malicious code into it, and hosted the infected version on a bogus mirror URL that used typosquatting to fool developers into thinking it was the legitimate ‘files.pythonhosted.org’ mirror.
To conceal the malicious code in Colorama, the attackers used multiple white spaces to push the snippet off-screen, making it unnoticeable during short examinations of the source files.
Read More: Top Python Developers Hacked in Sophisticated Supply Chain Attack
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
