Cybersecurity analysts have identified a harmful package in the Python Package Index (PyPI) repository that incorporates harmful actions via a dependency, enabling it to maintain persistence and execute code.
The package, referred to as termncolor, implements its sinister functionality through a dependency called colorinal via a multi-phase malware operation, Zscaler.