Top Python Developers Hacked in Sophisticated Supply Chain Attack


Called Colorama, the utility makes ANSI escape character sequences work on Windows and has more than 150 million monthly downloads.

To mount their supply chain attack, the hackers cloned the tool, inserted malicious code into it, and placed the malicious version on a fake mirror domain that relied on typosquatting to trick developers into mistaking it for the legitimate ‘’ mirror.

To spread the malware-laden package, the attackers created malicious repositories under their own accounts and hijacked high-profile accounts, including the GitHub account ‘editor-syntax’, a maintainer of the search and discovery platform for Discord, which has a community of over 170,000 members.

Using the ‘editor-syntax’ account, the attackers contributed a malicious commit to the top-gg/python-sdk repository, adding instructions to download the malicious clone of Colorama, and starred malicious GitHub repositories to increase their visibility.

The account was likely hacked via stolen cookies, which the attackers used to bypass authentication and perform malicious activities without knowing the account’s password. Multiple members of the community were compromised as result of this.

Read More…