{
	"id": "08a506ad-c4ff-461c-8b9e-ab73c73cc5b3",
	"created_at": "2026-04-06T00:22:05.086204Z",
	"updated_at": "2026-04-10T03:20:41.268123Z",
	"deleted_at": null,
	"sha1_hash": "e595ace58b968c7dd0ba89aa30bd791f9f46eb6b",
	"title": "PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion - Checkmarx",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1025022,
	"plain_text": "PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name\r\nConfusion - Checkmarx\r\nArchived: 2026-04-05 17:30:57 UTC\r\nCheckmarx Zero researcher Ariel Harush has discovered evidence of a malicious package campaign that is consistent\r\nwith live adversarial activity and adversarial research and testing. This campaign targets Python and NPM users on\r\nWindows and Linux via typo-squatting and name-confusion attacks against colorama (a widely-used Python package for\r\ncolorizing terminal output) on PyPI and the similar colorizr JavaScript package on NPM. These malicious packages\r\nwere uploaded to PyPI.\r\nMultiple packages with significantly risky payloads were uploaded to PyPI under names similar to\r\nlegitimate packages in both PyPI and NPM.\r\nThe tactic of using the name from one ecosystem (NPM) to attack users of a different ecosystem (PyPI) is\r\nunusual.\r\nPayloads allow persistent remote access to and remote control of desktops and servers, as well as harvesting and\r\nexfiltrating sensitive data.\r\nWindows payloads attempt to bypass antivirus/endpoint protection controls to avoid detection.\r\nPackages have been removed from public repositories, limiting immediate potential for damage.\r\nThese behaviors are consistent with targeted adversarial activity and coordinated campaigns. It is likely, based on this\r\npattern, that these were created to attack a particular target or set of targets. No clear attribution data is currently\r\navailable, so we do not know whether this campaign is connected to a well-known adversary.\r\nCross-Platform Supply Chain Attacks Targeting Users of Colorama and Colorizr\r\nIn the ever-escalating game of cat and mouse in open-source security, threat actors continue to evolve. This is expected.\r\nBut this supply chain attack campaign targeting Colorama users stood out not just for its creativity, but for its scope. 
By\r\ncombining typo-squatting and related name confusion attacks, cross-ecosystem baiting, and multi-platform payloads, this\r\nattack serves as a reminder of how opportunistic and sophisticated open-source supply chain threats have become.\r\nTypos That Hurt: Colorama Copycats\r\nWhen we uncovered a wave of malicious packages uploaded to PyPI, seemingly designed to trick developers into\r\ninstalling them by mistake, we were immediately concerned. These packages closely mimic the names of two popular\r\nlibraries:\r\ncolorama (a widely used Python package for terminal color control)\r\ncolorizr (an NPM package used for similar functionality in JavaScript)\r\nOne especially unusual facet of this campaign is the cross-ecosystem name confusion tactic. Several of the fake PyPI\r\npackages mimic the naming conventions of the NPM package colorizr. This suggests either a deliberate effort to sow\r\nconfusion, or the possibility of future attacks branching into the NPM ecosystem.\r\nThe payloads have Windows and Linux variants, with common features including:\r\nhttps://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/\r\nPage 1 of 6\n\nAccessing and exfiltrating sensitive configuration information\r\nEstablishing remote control / remote access for the attacker\r\nEstablishing persistence and “command and control” (C2) mechanisms consistent with expectation of establishing\r\na long-term foothold\r\nAttempts to hide from detection and evade endpoint security controls\r\nWindows Payloads: Malware With Persistence and Evasion\r\nClosely examining the package variants that target Windows, we were able to link some payloads back to a GitHub\r\naccount: github[.]com/s7bhme. 
This repo hosted various suspicious executables, and a Python project template named\r\nbranchtemplaterepo.\r\nKey Behaviors Identified:\r\nEnvironment Variable Harvesting\r\nThe malware grabs environment variables from the Windows registry — a tactic that may expose sensitive information\r\nsuch as credentials or configuration secrets.\r\nIndications of Environment Variable access; sample screenshot\r\nPersistence via Task Scheduler\r\nThe payload delivery process creates scheduled tasks pointing to different file paths, each running a separate payload.\r\nThis suggests a modular setup where multiple components are deployed together.\r\nExample screenshot of Task Scheduler showing multiple payload configurations\r\nAntivirus Awareness\r\nThe malware checks for installed security software and alters its behavior accordingly to avoid detection.\r\nIndication of process list access checking for common anti-malware programs\r\nWe also observed a payload installing and running checks for anti-malware tools on the infected host. We observed\r\nseveral specific anti-detection behaviors, including running the following commands:\r\n\"C:\\Program Files\\Windows Defender\\MpCmdRun.exe\" -RemoveDefinitions -All\r\nThis command aims to remove all malware definitions from Windows Defender.\r\nSet-MpPreference -DisableIOAVProtection $true\r\nPowerShell snippet that disables IOAV (Input/Output Antivirus) scanning, preventing files downloaded\r\nfrom the internet from being checked for safety.\r\nThese behaviors show clear adversarial intent: establish a foothold, stay hidden, and collect sensitive data.\r\nLinux Payloads: Advanced Backdoors with Remote Control\r\nOn the Linux side, we analyzed two packages: Colorizator and coloraiz. These contain base64-encoded payloads buried\r\nin src/colorizator/__init__.py. 
Once decoded and executed, the payloads initiate a sophisticated infection chain:\r\nThe Attack Path:\r\n1. RSA Key Drop: A public key is written to /tmp/pub.pem. This key is later used to encrypt the output of the\r\ngs-netcat command before that output is exfiltrated.\r\n2. Remote Bash Download: A script is fetched from [https:]//gsocket[.]io/y, likely used to install gs-netcat, a\r\ntool for establishing encrypted reverse shells.\r\n3. Encrypted Output Exfiltration: The gs-netcat output is encrypted using the RSA key, base64-encoded, and\r\nsilently uploaded to Pastebin via its API using valid developer and user keys.\r\n4. Cleanup: Temporary files are deleted to remove traces of the activity.\r\nThe Remote Access Script — A Full-Fledged Swiss Army Knife\r\nThe downloaded bash script is portable, stealthy, and feature-rich:\r\nPersistence through systemd, shell profile injection, crontabs (scheduled task configuration files), and rc.local\r\n(startup script) edits.\r\nStealth by masquerading as kernel processes and preserving timestamps.\r\nRemote Control via environment-based configuration.\r\nExfiltration and C2 (Command and Control) using gs-netcat and encrypted communication.\r\nWebhook notifications to platforms like Discord, Telegram, and custom URLs.\r\nThis isn’t your average script kiddie toolkit — it’s a highly capable backdoor designed to remain hidden and maintain\r\nlong-term access.\r\nKey Indicators of Compromise (IoC)\r\nType | Value | Description\r\nGitHub Repo | [https]://github[.]com/s7bhme | Repository hosting malicious payloads and templates\r\nWebhook URL | [https]://webhook[.]site/dc3c1af9-ea3d-4401-9158-eb6dda735276 | Endpoint used by malware to exfiltrate data or notify\r\nPackage Owner | rick_grimes | Uploaded Colorizator (1.2.3, 2.1.2) (Linux)\r\nPackage Owner | morty_smith | Uploaded coloraiz (1.0.1, 1.0.2, 1.0.3) (Linux)\r\nPackage Owner | reven | Uploaded coloramapkgsw (0.1.0), coloramapkgsdow (0.1.0) (Windows)\r\nPackage Owner | m5tl | Uploaded coloramashowtemp (0.1.0) (Windows)\r\nPackage Owner | dsss | Uploaded coloramapkgs (0.1.0), readmecolorama (0.1.0) (Windows)\r\nFile Hash (SHA256) | d30c78c64985a42c34ef142fd8754a776c8db81228bafc385c5bd429252e4612 | Malicious Linux bash script (downloaded by payload)\r\nFile Hash (SHA256) | daef5255eac4a4d16940e424c97492c6bad8fdafd2420632c371b9d18df3b47f | Windows payload (x69gg.exe) executed by Python script\r\nThese IoCs are represented in the Checkmarx Malicious Package Protection component, including the Threat\r\nIntelligence API, for inclusion into customer programs.\r\nOutput for coloramapkgs query with the Checkmarx Threat Intel API\r\nAttribution Is a Challenge\r\nInitially, the similarities in naming and upload timing led us to believe that both the Linux and Windows payloads were\r\ndeployed by the same actor. But as our investigation progressed, differences in tooling, tactics, and infrastructure suggested\r\notherwise.\r\nAt this time, we can’t definitively attribute both payload sets to a single source. They may be separate campaigns\r\nexploiting a similar typo-squatting tactic — a reminder of how quickly malicious techniques spread in cybercrime\r\necosystems.\r\nRecommended Response\r\nWhile this particular set of packages is no longer available from public sources, defenders should be prepared to detect\r\nand respond rapidly to this and similar attack patterns. 
While individual organization threat models may indicate\r\nadditional controls and behaviors, we recommend, at minimum:\r\nExamine deployed and deployable application code for malicious package names and indicators of compromise\r\nExamine private package repositories and proxies (such as Artifactory); remove any instances of malicious\r\npackages and add them to a block list\r\nEnsure installation of these packages is blocked on developer desktops, test environments, etc.\r\nCheckmarx customers can use Malicious Package Protection features, including our Threat Intel API, to automate many\r\naspects of these tasks.\r\nTags:\r\nAppSec\r\nCheckmarx Security Research Team\r\nMalicious Packages\r\nPyPi\r\nPython\r\nSupply Chain Security\r\nSource: https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/"
	],
	"report_names": [
		"python-pypi-supply-chain-attack-colorama"
	],
	"threat_actors": [],
	"ts_created_at": 1775434925,
	"ts_updated_at": 1775791241,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e595ace58b968c7dd0ba89aa30bd791f9f46eb6b.pdf",
		"text": "https://archive.orkl.eu/e595ace58b968c7dd0ba89aa30bd791f9f46eb6b.txt",
		"img": "https://archive.orkl.eu/e595ace58b968c7dd0ba89aa30bd791f9f46eb6b.jpg"
	}
}