Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution.
The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler ThreatLabz said. While termncolor was downloaded 355 times, colorinal attracted 529 downloads. Both libraries are no longer available on PyPI.
“This attack could leverage DLL side-loading to facilitate decryption, establish persistence, and conduct command-and-control (C2) communication, ending in remote code execution,” according to researchers Manisha Ramcharan Prajapati and Satyam Singh.
Once installed and executed, termncolor is designed to import colorinal, which, in turn, loads a rogue DLL that’s responsible for decrypting and running the next-stage payload.
Specifically, the payload deploys a legitimate binary “vcpktsvr.exe” and a DLL called “libcef.dll” that’s launched using DLL side-loading. The DLL, for its part, is capable of harvesting system information and communicating with the C2 server using Zulip, an open-source chat application, to conceal the activity.
“Persistence is achieved by creating a registry entry under the Windows Run key to ensure automatic execution of the malware at system startup,” Zscaler said.
The malware is also capable of infecting Linux systems, with the Python libraries dropping a shared object file called “terminate.so” to unleash the same functionality.
Further analysis of the threat actor’s Zulip activity has revealed three active users within the created organization, with a total of 90,692 messages exchanged within the platform. It’s believed that the malware author has been active since July 10, 2025.
“The termncolor package and its malicious dependency colorinal highlight the importance of monitoring open-source ecosystems for potential supply chain attacks,” the company said.
The disclosure comes as SlowMist revealed that threat actors are targeting developers under the guise of a job assessment to trick them into cloning a GitHub repository containing a booby-trapped npm package that’s capable of harvesting iCloud Keychain, web browser, and cryptocurrency wallet data, and exfiltrating the details to an external server.
The npm packages are also engineered to download and run Python scripts, capture system information, scan the file system for sensitive files, steal credentials, log keystrokes, take screenshots, and monitor clipboard content.
The list of identified packages, now removed from npm, is below –
- redux-ace (163 Downloads)
- rtk-logger (394 Downloads)
In recent months, malicious npm packages have been spotted targeting the cybersecurity community to facilitate data theft and cryptocurrency mining through a dependent package, using legitimate services like Dropbox to exfiltrate the information from infected systems.
These packages, Datadog researchers Christophe Tafani-Dereeper and Matt Muir noted, are distributed to targets under the guise of malicious proof-of-concept (PoC) code for security flaws, or a kernel patch that supposedly offers performance improvements. The activity has been attributed to a threat actor it tracks as MUT-1244.
The development also follows a report from ReversingLabs that has revealed the risks associated with automated dependency upgrades, particularly when a compromised project is used by thousands of other projects, amplifying risks to the software supply chain.
This is exemplified by the recent compromise of the eslint-config-prettier npm package by means of a phishing attack that allowed unnamed attackers to push poisoned versions directly to the npm registry without any source code commits or pull requests on its corresponding GitHub repository.
The software supply chain security company found that more than 14,000 packages have declared eslint-config-prettier as a direct dependency, instead of declaring it as a devDependency, causing automated actions like GitHub Actions to automatically merge the dependency update alerts issued by Dependabot without scrutinizing them.
“Since this is a configuration for a development tool used for code formatting, it can be expected that it should be declared as a devDependency across packages in which it is used, and, as such, it shouldn’t be automatically installed when the npm install command is executed like with regular dependencies,” security researcher Karlo Zanki said.
“Automated version management tools like Dependabot are designed to remove the risk of having dependencies with security issues in your code base, but […] ironically they can end up introducing even bigger security issues like malicious compromise.”
