The package installation script had a code part at the beginning, which was discovered through analysis. It begins by manually installing any further dependencies, gets an image from Imgur named “8F4D2uF.png,” processes the image using the freshly installed package called judyb, and finally executes the processing-generated result.
The judyb code was discovered to be a steganography module that was in charge of concealing and disclosing hidden messages in images. The picture downloaded during the apicolor installation may contain a secret element inside of it, according to Check Point Research.