News
Conclusion: PyPI continues to be abused by cyberattackers to compromise Python programmers’ devices. This campaign displays a variety of techniques being used to include malware in Python packages.
PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries.
PyPI malware termncolor and colorinal, downloaded 884 times, exploit DLL side-loading, persistence, and C2 communication.
Tainting legitimate PyPI packages with malware is also a common occurrence. Many Python developers trust the platform and use the code found there in various projects.
Security researchers discovered yet another malicious PyPI package, whose goal is to steal people’s sensitive data and allow unauthenticated users access to the compromised endpoint. The package ...