PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
released on 2022-09-02 @ 12:44:42 PM
JuiceLedger operators have actively targeted PyPi package contributors in a phishing campaign, successfully poisoning at least two legitimate packages with malware. Several hundred more malicious packages are known to have been typosquatted.