A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan.
The package, namedΒ colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malwareΒ Colour-Blind.
"The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from.
Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of