“Downloaded a dependency — lost your keys.” A new attack on developers

ExcalibuR

Trust in IT ecosystems has turned into a disaster for the entire industry.


Researchers from Zscaler ThreatLabz discovered a malicious library in the official PyPI repository: termncolor, which spread harmful code via a dependency called colorinal. Both libraries have since been removed, but before that, they were downloaded more than 800 times.


The attack was notable for its multi-stage infection chain: installing termncolor led to the download of colorinal, which launched a DLL file to decrypt and execute the next stage. At this point, a binary file vcpktsvr.exe was used along with libcef.dll, loaded via DLL sideloading. The latter collected system information and connected to a command-and-control server through the chat platform Zulip, allowing the traffic to blend in.


To maintain persistence, the library created an autostart key in Windows, while on Linux it installed terminate.so with similar functionality. Analysis of Zulip activity revealed three active accounts and nearly 91,000 messages, suggesting long-term use of the channel and activity from the attacker dating back to early July 2025.


At the same time, cybersecurity firm SlowMist reported another campaign targeting developers. Attackers posed as employers and asked candidates to clone a GitHub repository containing a malicious npm package. This code was able to extract iCloud Keychain data, browser contents, and cryptocurrency wallets, sending them to an external server.


In addition, the malicious modules could download and execute Python scripts, gather system information, search for sensitive files, steal credentials, log keystrokes, take screenshots, and monitor the clipboard. Among the identified packages were redux-ace and rtk-logger, which together were downloaded more than 550 times.


In recent months, other malicious npm packages have been detected, this time targeting security professionals. They were used for data theft and covert cryptocurrency mining, with attackers leveraging dependencies and legitimate services like Dropbox to exfiltrate stolen information. According to Datadog, such packages were often disguised as proof-of-concept exploits for vulnerabilities or fake “kernel performance improvements.” This activity is linked to a group tracked under the identifier MUT-1244.


An additional risk comes from automatic dependency updates. ReversingLabs showed that if a popular project is compromised, malicious versions can spread widely into other projects. One example was the case with eslint-config-prettier, where attackers used phishing to gain access and upload trojanized versions to npm without any visible changes in the GitHub repository.


More than 14,000 packages listed this module as a main dependency instead of a devDependency, which led to the automatic distribution of infected versions via Dependabot and GitHub Actions. Researchers noted that tools originally designed to reduce risks can themselves become accelerators of infection in a supply chain attack.
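The propagation mechanism above rests on two project-side choices: where a package is listed (runtime `dependencies` versus `devDependencies`) and whether its version range lets a fresh install or an update bot pull a newer release without anyone looking. The following checker is an added example, not code from the article or from any of the vendors it cites; the `package.json` it scans is constructed here, and the list of "dev-only" name prefixes is an assumption a team would tune to its own stack.

```python
import json
import re

# Constructed sample manifest (not taken from the article): a lint config listed as a
# runtime dependency with a caret range, which is exactly the shape that let a
# trojanized release ride in through automatic updates.
SAMPLE_PACKAGE_JSON = """
{
  "name": "example-app",
  "dependencies": {
    "express": "4.19.2",
    "eslint-config-prettier": "^9.1.0"
  },
  "devDependencies": {
    "prettier": "~3.3.0",
    "jest": "29.7.0"
  }
}
"""

# Assumed list of build/lint/test tooling that has no business in runtime `dependencies`.
DEV_ONLY_PREFIXES = ("eslint", "prettier", "jest", "mocha", "babel", "webpack")

# An exact semver version, optionally with prerelease/build metadata. Anything else
# ("^1.2.3", "~1.2", ">=1", "*", "latest", "1.x") is a floating range.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


def is_pinned(spec: str) -> bool:
    """True when the spec names one exact version and cannot drift on install."""
    return bool(EXACT_VERSION.match(spec.strip()))


def is_dev_tooling(name: str) -> bool:
    """Match both bare and scoped names: "@babel/core" -> ["babel", "core"]."""
    return any(part.startswith(DEV_ONLY_PREFIXES) for part in name.lstrip("@").split("/"))


def audit_manifest(text: str) -> list:
    """Return (package, section, issue) tuples for every risky entry in a package.json."""
    manifest = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if section == "dependencies" and is_dev_tooling(name):
                findings.append((name, section, "dev-tooling-in-dependencies"))
            if not is_pinned(spec):
                findings.append((name, section, "floating-range"))
    return findings


if __name__ == "__main__":
    for package, section, issue in audit_manifest(SAMPLE_PACKAGE_JSON):
        print(f"{section}/{package}: {issue}")
```

Pinning does not stop an update bot from opening a pull request, but it turns the bump into a change someone reviews instead of an in-range version that the next clean install resolves on its own.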


The story of malicious libraries in PyPI and npm shows that not only end users are vulnerable, but also the very developer tools themselves: the deeper the automation and trust in ecosystems, the more dangerous a single compromised link in the supply chain becomes.