The Ultimate Guide To Cybersecurity In The Real World. - Register Here
The Ultimate Guide To Cybersecurity In The Real World. - Register Here
Schedule a Consultation
Hoplon InfoSec Logo
  • Products
  • Services

Hoplon Infosec · Threat Intelligence

PyPI Supply Chain Attack: A Cross-Ecosystem Threat Targeting Python and NPM Developers

ByHoplon Infosec
Published04 Jun, 2025
PyPI Supply Chain Attack: A Cross-Ecosystem Threat Targeting Python and NPM Developers
Hoplon Infosec04 Jun, 2025

The open-source software ecosystem has long been celebrated for its collaborative spirit and rapid innovation. However, this openness also creates an attractive landscape for malicious actors seeking to compromise software supply chains. A recent campaign targeting the Python Package Index (PyPI) has brought these concerns to the forefront, showcasing an advanced and cross-ecosystem attack that extends beyond traditional Python boundaries and into the JavaScript NPM ecosystem. This unprecedented campaign illustrates the evolving threat landscape facing modern software development and underscores the need for heightened vigilance among developers and security teams alike.

The Campaign Unveiled: A Sophisticated PyPI Supply Chain Attack

In early June 2025, security researchers from Checkmarx identified a series of malicious packages uploaded to the PyPI repository. These packages, bearing names closely resembling popular libraries such as colorama (a widely used Python library for terminal color control), employed a well-established technique known as typosquatting. Typosquatting involves the deliberate creation of packages with names that differ slightly from legitimate ones, exploiting typographical errors that developers might make during installation.

What sets this campaign apart is its cross-ecosystem approach. In addition to mimicking Python package names, the attackers drew inspiration from JavaScript’s NPM ecosystem, creating confusion by using naming conventions typically associated with JavaScript libraries. This unusual tactic suggests a deliberate attempt to expand the attack’s reach, potentially targeting JavaScript developers in future campaigns.

The attackers’ strategy leverages the interconnected nature of modern development environments, where developers often work across multiple programming languages and ecosystems. By adopting familiar naming patterns from NPM within PyPI, the campaign increases the likelihood of accidental installation by developers who may not notice subtle differences in package names.

Technical Breakdown: Windows and Linux Payloads

The malicious packages demonstrated a high degree of sophistication, incorporating advanced payloads tailored to both Windows and Linux platforms. Each variant exhibited distinct behaviors designed to establish persistent access, evade detection, and exfiltrate sensitive information.

Windows Payloads

On Windows systems, the malicious payloads executed a series of commands specifically crafted to disable built-in security controls. Key among these were commands targeting Windows Defender, the default antivirus solution for Windows environments. The following commands illustrate the attackers’ approach:

“C:\Program Files\Windows Defender\MpCmdRun.exe” -RemoveDefinitions -All

Set-MpPreference -DisableIOAVProtection $true

The first command systematically removes all existing malware definitions, effectively blinding Windows Defender to known threats. The second command disables the scanning of files originating from the Internet, further reducing the system’s ability to detect malicious activity. By executing these commands, the attackers created significant blind spots in the target environment’s security posture.

In addition to disabling security software, the Windows payloads actively harvested environment variables from the system’s registry. Environment variables often contain sensitive information, such as API keys, database credentials, and configuration secrets. Exposing these variables provides attackers with valuable footholds for lateral movement and data exfiltration.

The malware also incorporated advanced evasion techniques. It dynamically identified and adjusted its behavior based on the presence of security software, making detection and mitigation more challenging for defenders.

Linux Payloads

The Linux variants of the malicious packages employed similarly advanced tactics, focusing on establishing encrypted backdoors for persistent remote access. The attackers used RSA key pairs, placing the public key at /tmp/pub.pem and leveraging it to encrypt communication with command-and-control servers.

To establish initial footholds, the Linux payloads downloaded remote bash scripts from the domain gsocket.io/y. These scripts facilitated the installation of gs-netcat, a tool for encrypted remote connections. The attackers also exfiltrated data by uploading encrypted output to Pastebin, leveraging valid developer keys to bypass standard security checks.

This dual-platform approach underscores the campaign’s sophistication and adaptability, demonstrating the attackers’ commitment to establishing reliable access regardless of the target environment.

Indicators of Compromise (IoCs)

The Checkmarx report identified several indicators of compromise associated with this campaign:

  • Malicious package names such as coloramapkgs, coloramapkgsdow, coloramashowtemp, colorizator, and coloraiz.
  • Author accounts linked to the packages, including aliases like rick_grimes, morty_smith, reven, m5tl, and dsss.
  • The presence of files like /tmp/pub.pem on Linux systems.
  • Execution of Windows Defender bypass commands.

These IoCs serve as vital detection points for security teams tasked with identifying potential infections within their environments.

Attribution and Motivations

Attributing the campaign to a specific threat actor remains an ongoing challenge. However, Checkmarx researchers suggest that the campaign’s complexity and the deliberate cross-ecosystem approach indicate either:

  1. Targeted attacks against specific organizations that rely heavily on both Python and JavaScript technologies; or
  2. Sophisticated testing phases intended to refine techniques for broader deployment in future campaigns.

Regardless of attribution, the attackers’ methods reveal a deep understanding of modern development environments and the interdependencies between ecosystems.

Implications for Developers

The implications of this campaign are far-reaching. Developers, who form the backbone of modern software production, must recognize that their toolchains are increasingly targeted by sophisticated adversaries. Supply chain attacks exploit the inherent trust placed in third-party dependencies—trust that can be abused when malicious packages are introduced into public repositories.

For developers, the key takeaway is vigilance. Typo squatting attacks rely on minor, often imperceptible errors in package names. A single mistyped command can compromise an entire development environment, exposing sensitive data and opening the door to persistent threats.

Recommendations for Developers

To mitigate the risks associated with supply chain attacks, developers should adopt the following best practices:

  • Verify Package Names: Double-check package names before installation to avoid typosquatting traps. Pay close attention to common misspellings or slight variations that could indicate malicious intent.
  • Use Trusted Sources: Where possible, rely on trusted package mirrors or internal repositories that mirror known-good versions of dependencies.
  • Leverage Package Verification: Employ hash or PGP signature verification to ensure the integrity of downloaded packages.
  • Maintain Minimal Dependencies: Adopt a minimalistic approach to third-party libraries, using only those that are essential for project functionality.
  • Stay Informed: Monitor security advisories from PyPI, NPM, and trusted security researchers to stay abreast of emerging threats.

Recommendations for Security Teams

Security teams play a crucial role in defending organizational assets from supply chain attacks. Key recommendations include:

  • Monitor Build Pipelines: Integrate security scanning tools into CI/CD pipelines to detect suspicious packages and dependency changes.
  • Implement EDR Rules: Enhance endpoint detection and response (EDR) tools with rules to detect known evasion commands and indicators of compromise, such as the Windows Defender bypass commands used in this campaign.
  • Conduct Regular Audits: Perform routine security audits of third-party dependencies and environment configurations.
  • Harden Environments: Secure development environments with strict access controls and environment segmentation to limit the impact of compromised dependencies.
  • Educate Developers: Provide training on secure package management practices and the risks associated with supply chain attacks.

Broader Industry Implications

The emergence of cross-ecosystem supply chain attacks signals a concerning evolution in adversarial tactics. The interconnected nature of modern development ecosystems means that vulnerabilities in one language’s package repository can have ripple effects across other ecosystems. This blurring of ecosystem boundaries requires a holistic approach to software supply chain security.

Organizations must recognize that supply chain risks are not confined to their primary programming language. The lines between ecosystems are increasingly porous, and security strategies must account for this expanded threat landscape.

Future Outlook

The PyPI supply chain attack serves as a warning for the broader software community. The attackers’ willingness to explore cross-ecosystem tactics suggests a future in which such campaigns become more common and more sophisticated. As developers and security teams adapt, attackers will undoubtedly refine their methods, seeking new avenues to exploit the trust inherent in open-source software.

The removal of the malicious packages from PyPI represents a short-term victory for defenders. However, the complexity of the attack underscores the need for ongoing vigilance and proactive defense measures. Supply chain security must become a foundational pillar of modern software development practices.

Conclusion

The recent PyPI supply chain attack targeting Python and NPM users exemplifies the evolving nature of cyber threats in the open-source ecosystem. By combining typosquatting, cross-ecosystem deception, and advanced evasion techniques, the attackers demonstrated a level of sophistication that should serve as a wake-up call for developers and security professionals alike.

Moving forward, a shared commitment to secure development practices, robust dependency management, and continuous threat monitoring will be essential to defending against these complex campaigns. As the open-source community continues to innovate, so too must it adapt to the realities of a threat landscape that is as dynamic as it is relentless.

About the author

Hoplon Infosec

Hoplon Infosec

Was this useful?

React, leave a note, or share it forward.

Leave a note

Share this article

Share this :

Free · Weekly · No noise

Get the threats that matter, before they reach you.

One short email a week with the breaches, zero-days, and fixes worth your attention — written in plain English, no fear-mongering.

Hoplon InfoSec Logo
Address : 1415 West 22nd Street, Tower Floor, Oak Brook, IL 60523

Phone : +1 (773) 904-3136

Email : info@hoploninfosec.com

Services

  • Penetration Testing
  • Cyber Security Assessment
  • AI Development
  • Incident Readiness & Response Recovery

Products

  • IBM Flash Storage Solutions
  • Mobile Security
  • Endpoint Security
  • Deep and Dark Web Monitoring

Sign Up For Newsletter

Get the latest updates on new products and upcoming news

Copyright © Hoplon InfoSec, LLC and its group of companies.
About usContact usTerms & ConditionsCookie PolicyPrivacy Policy
03Latest posts

Keep reading.

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now
15 Jul, 2026

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now

SonicWall SMA1000 zero-day vulnerabilities are under active attack. See affected versions, CVE details, IOC checks and the patch you need right now.

Read More
Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide
15 Jul, 2026

Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide

Windows 11 KB5101650 is blocked on some Dell PCs after an Intel driver conflict triggered shutdowns and overheating. Here is what happened and what to do.

Read More
OFAC Sanctions First VPN Service Over Ransomware
14 Jul, 2026

OFAC Sanctions First VPN Service Over Ransomware

Learn why OFAC sanctioned First VPN Service and a malware cryptor seller, how 1VPNS helped ransomware groups, and how to defend against FSB router attacks.

Read More
CVE-2026-57807: Critical WordPress SSO Flaw Explained
13 Jul, 2026

CVE-2026-57807: Critical WordPress SSO Flaw Explained

CVE-2026-57807 affects miniOrange OAuth SSO through 38.5.8. Learn who is exposed, how the flaw works, plus safe mitigation and incident response steps.

Read More
Mobile App Security Guide: Risks, Fixes and Best Practices
13 Jul, 2026

Mobile App Security Guide: Risks, Fixes and Best Practices

Mobile app security explained simply, covering real risks, OWASP threats, encryption and practical steps to protect any app from hackers.

Read More
Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims
13 Jul, 2026

Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims

Apple OpenAI lawsuit explained. See what Apple accuses Tang Tan, Chang Liu and OpenAI of stealing, and what it means for hardware security.

Read More