SiliconAngle reports that the Top.gg GitHub organization, which is commonly used for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and the publication of malicious PyPI packages.
According to a Checkmarx report, the attackers first pointed several widely used GitHub projects at a dependency hosted on fraudulent Python package infrastructure, then used the typosquatted "files[.]pypihosted[.]org" domain to serve weaponized versions of Colorama and other popular packages. The threat actors also used space padding and other techniques to hide the payload inside the poisoned Colorama package, and went on to create further malicious GitHub repositories. Such an intrusion shows threat actors' relentless efforts to escalate supply chain attacks, according to Cequence Security Hacker in Residence Jason Kent. "This attack was sophisticated in nature and is looking to create havoc on systems that users are accessing daily... Be prepared, log out of your systems when you are done, don't store API Keys and make sure your authentication artifacts are as ephemeral as possible," said Kent.
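Two of the indicators described above can be checked mechanically in a dependency file before it is installed: a package or index URL whose host is a lookalike of the real PyPI file host (the legitimate host is files.pythonhosted.org; the report's typosquat is files[.]pypihosted[.]org), and a line padded with a long run of whitespace so that trailing content sits off-screen in an editor or diff view. The script below is an added example written for this summary, not code from the article, Checkmarx or Cequence; the allowed-host policy (`ALLOWED_HOSTS`), the padding threshold (`PADDING_THRESHOLD`) and the sample requirements text (`SAMPLE`) are assumptions constructed for the example.

```python
"""
Added example (not from the article, Checkmarx, or Cequence): a small auditor
for pip requirements/constraints files that flags two indicators the campaign
relied on: URLs pointing at a lookalike of the real PyPI hosts (pypi.org and
files.pythonhosted.org), and lines padded with long whitespace runs so that
trailing content is pushed out of view. ALLOWED_HOSTS, PADDING_THRESHOLD and
SAMPLE are assumptions made for this example.
"""
import re
from urllib.parse import urlparse

# Hosts a dependency line may reference (assumed policy: public PyPI only).
ALLOWED_HOSTS = {"pypi.org", "files.pythonhosted.org"}

# Tokens that make an unknown host look like an impersonation of PyPI.
LOOKALIKE_TOKENS = ("pypi", "pythonhosted")

# A run of this many spaces/tabs between visible characters counts as padding.
PADDING_THRESHOLD = 40

URL_RE = re.compile(r"https?://[^\s'\"<>]+")
PAD_RE = re.compile(r"(?<=\S)([ \t]+)(?=\S)")  # whitespace between visible chars


def classify_host(host):
    """None for an allowed host, 'lookalike-host' if it imitates PyPI,
    otherwise 'unexpected-host'."""
    host = host.lower()
    if host in ALLOWED_HOSTS:
        return None
    if any(tok in host for tok in LOOKALIKE_TOKENS):
        return "lookalike-host"
    return "unexpected-host"


def suspicious_hosts(line):
    """(host, kind) pairs for every URL in the line whose host is not allowed."""
    out = []
    for url in URL_RE.findall(line):
        host = urlparse(url).hostname
        if host:
            kind = classify_host(host)
            if kind:
                out.append((host.lower(), kind))
    return out


def padding_run(line):
    """Length of the longest whitespace run sandwiched between visible text.
    Leading indentation and trailing whitespace do not count."""
    return max((len(r) for r in PAD_RE.findall(line)), default=0)


def audit(text, threshold=PADDING_THRESHOLD):
    """Scan requirements-style text; return (line_no, kind, detail) findings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for host, kind in suspicious_hosts(line):
            findings.append((line_no, kind, host))
        run = padding_run(line)
        if run >= threshold:
            findings.append((line_no, "space-padding", run))
    return findings


# Constructed sample: two clean pins, an index override pointing at the
# typosquatted host named in the report, a direct URL to the same host, and a
# line whose trailing comment is pushed out of view by 120 spaces.
SAMPLE = "\n".join([
    "requests==2.31.0",
    "colorama==0.4.6",
    "--extra-index-url https://files.pypihosted.org/simple",
    "colorama @ https://files.pypihosted.org/packages/colorama-0.4.6.tar.gz",
    "six==1.16.0" + " " * 120 + "# hidden trailing content",
])

if __name__ == "__main__":
    for line_no, kind, detail in audit(SAMPLE):
        print(f"line {line_no}: {kind}: {detail}")
```

Run it as a pre-install step in CI against every requirements, constraints and pip configuration file in the repository; a lookalike-host or space-padding finding should fail the build rather than just print, since both indicators only matter before the package is fetched. The host check is deliberately an allow-list rather than a deny-list of known typosquats, so a new lookalike domain is caught without a signature update.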