all InfoSec news
PyPI repo poisoned with "Colour-Blind" RAT
Malware Analysis, News and Indicators - Latest topics malware.news
Malicious actors are increasingly dropping malware packages into open-source software repositories in the hope that developers will spread that malicious code throughout their applications. The latest case in point: Kroll's recent discovery of a full-featured information stealer and remote access trojan (RAT) into the Python Package Index (PyPI).
Kroll, a risk and financial advisory company, unearthed the malware, which it dubbed Colour-Blind, through a tool it developed to gather more information about initial attack vectors.
Colour-Blind shows how easily hackers …
access advisory applications attack case code colour-blind developers discovery featured financial hope information information stealer kroll latest malicious malicious actors malware open-source software package packages point pypi python python package python package index rat remote access remote access trojan repo repositories risk software stealer tool trojan