Frankenstein's monster found in PyPI, assembled from the code of various malware
According to a report dated 6 March 2023, a new malicious package named "Colour-Blind" has been discovered in the Python Package Index (PyPI) catalogue.
The authors of this package have compiled their malware from the code of other malicious programs, from various sources, and the researchers believe that the authors of this package are unskilled.
The malware contained in the package can remotely take control of the infected device, steal data such as passwords and cookies, take screenshots of the desktop and monitor the victim using the built-in camera. The package also contained a copy of the Snake game, probably copied entirely from the GitHub repository.
Microsoft had also recently warned against a phishing kit like this one that looked like a Frankenstein's monster made of a patchwork of several malware.
Read more about it : here