Malicious Package

Affecting colourama package, versions [0,]

Overview

12 Python libraries were identified as malicious packages. colourama was financially motivated: it hijacked the infected user's operating system clipboard, scanning it every 500ms for a Bitcoin-address-like string and replacing any it found with the attacker's own Bitcoin address, in an attempt to divert Bitcoin payments/transfers made by an infected user.

On October 13th, 2018, all of these packages were removed from PyPI.

Remediation

Avoid usage of this package altogether.
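As an added example that is not part of this advisory, the following script audits a requirements file for this package and for names that are a near-miss of well-known packages (the typosquat pattern colourama used against colorama). The trusted-package list and the sample requirements are constructed assumptions, not data from the advisory.

```python
import re

# Package named on this advisory page.
DENYLIST = {"colourama"}
# Well-known packages that typosquats imitate; a constructed, non-exhaustive sample.
TRUSTED = {"colorama", "requests", "urllib3", "setuptools", "numpy"}

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to find near-miss package names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_requirements(text: str, max_distance: int = 2) -> list[tuple[str, str]]:
    """Return (package, reason) findings for the body of a requirements.txt file."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks, comments and pip options
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name = normalize(m.group(1))
        if name in DENYLIST:
            findings.append((name, "known malicious package"))
        elif name not in TRUSTED:
            near = [t for t in TRUSTED if edit_distance(name, t) <= max_distance]
            if near:
                findings.append((name, f"possible typosquat of {', '.join(sorted(near))}"))
    return findings

if __name__ == "__main__":
    # Constructed sample requirements file.
    SAMPLE = "colorama==0.4.6\ncolourama\nrequets>=2.0 # typo\nnumpy\n-r other.txt\n"
    for pkg, why in audit_requirements(SAMPLE):
        print(f"{pkg}: {why}")
```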


CVSS Score

9.8
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Credit: Bertus
CWE: CWE-506
Snyk ID: SNYK-PYTHON-COLOURAMA-72537
Disclosed: 13 Oct, 2018
Published: 28 Oct, 2018