VMConnect: Malicious PyPI packages imitate popular open source modules
released on 2023-08-08 @ 03:59:13 PM
Software supply chain security researchers from ReversingLabs have identified a campaign of malicious Python packages imitating popular open source tools, which they believe could be used to plant malicious code for the next three years.