Planted Malicious Python Packages Stealing Sensitive Data

Over the past six months, a complex malicious campaign has emerged, planting info-stealing packages on open-source platforms with 75,000 downloads.Monitored by Checkmarx's analysts since April, it involves 272 packages for stealing data, evolving with advanced obfuscation and evasion techniques.Since its initial detection, the attack has undergone significant evolution. The authors of these packages have introduced increasingly advanced layers of obfuscation and evasion techniques to thwart detection.Read more...