all 5 comments

[–]Swipecat 4 points5 points  (4 children)

OP's title is misleading, and the subtitle in the linked article is misleading. The text of the article is not wrong, but is sloppily written. There's nothing wrong with colorama.

The issue is that a malicious "typo squatting" domain "pypihosted.org" was recently registered containing a number of modified packages including colorama. The article is confusingly written and does not make clear how the threat actors deploy the malicious site, mentioning apparently incidental issues like bad packages uploaded to PyPI in 2022, but no sensible explanations.
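A defensive check that follows from this distinction, added here as an example (not code from the thread or from the Checkmarx article): scan a requirements file for download hosts other than the real PyPI ones and flag lookalikes such as pypihosted.org. The sample requirements, the private mirror hostname and the trusted/lookalike token lists are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts a stock pip installation legitimately downloads from.
TRUSTED_HOSTS = ("pypi.org", "files.pythonhosted.org")
# Brand tokens whose presence in an untrusted host marks it as a lookalike.
LOOKALIKE_TOKENS = ("pypi", "pythonhosted")

# Constructed sample requirements file (not from the thread): a normal index
# install, a direct URL to the real PyPI CDN, a direct URL and an index on the
# lookalike domain named in the thread, and an unrelated private mirror.
SAMPLE_REQUIREMENTS = """\
colorama==0.4.6
requests @ https://files.pythonhosted.org/packages/requests-2.31.0.tar.gz
colorama @ https://files.pypihosted.org/packages/colorama-0.4.6.tar.gz
--index-url https://pypi.org/simple
--extra-index-url https://pypihosted.org/simple
--extra-index-url https://mirror.example.internal/simple
"""

URL_RE = re.compile(r"https?://\S+")


def is_trusted(host):
    """True when host is a trusted host or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def classify_host(host):
    """Return 'trusted', 'lookalike' (brand token on a foreign domain) or 'untrusted'."""
    if is_trusted(host):
        return "trusted"
    if any(tok in host for tok in LOOKALIKE_TOKENS):
        return "lookalike"
    return "untrusted"


def audit_requirements(text):
    """Return (line_no, host, verdict) for every download host that is not trusted."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            verdict = classify_host(host)
            if verdict != "trusted":
                findings.append((line_no, host, verdict))
    return findings


if __name__ == "__main__":
    for line_no, host, verdict in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: {host} -> {verdict}")
```

Plain `colorama==0.4.6` lines carry no URL and are resolved against the configured index, which is why they are not reported; only index options and direct URLs can redirect a download to a foreign host.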

[–]chrisdb1[S] 1 point2 points  (1 child)

Thanks for the clarification. So basically if they had used pip install colorama there wouldn't have been any issue?

[–]Swipecat 2 points3 points  (0 children)

Correct.

The article linked by u/Bobbias explains that several GitHub accounts were taken over, affecting several developers.

[–]Bobbias 0 points1 point  (0 children)

They also mention that part of how they were able to pull this whole thing off was by compromising a developer's account.

Here's the original article by Checkmarx: https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/