Colourama

Colourama used typosquatting to register a package with a name similar to Colorama, one of the top 20 most downloaded legitimate modules in the PyPI registry, with 1 million downloads on a daily basis. The colourama package contains malware that targets Windows machines to implement a cryptocurrency clipboard hijacker. As a result, it was able to divert any Bitcoin payment from victim machines to the attacker's Bitcoin address.

Impact

Colourama was registered early in December 2017. It is not clear how many times the malicious package has been downloaded since then. According to a report by Medium, it was downloaded 55 times in October 2018.

Type of compromise

A typosquat attack does not require compromising any type of infrastructure.