The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and “libhttps”. They were found on January 10, 2023, by monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. All three were published by the same author, ‘Lolip0p’, as shown in the official PyPI repository. ‘Lolip0p’ joined the repository close to the publish date. These packages download and run a malicious binary executable.
Supply Chain Attack Using Identical PyPI Packages