A nasty Python package continues a trend of targeting developers

Cybersecurity firm Checkmarx has detected malware targeting developers who use Python and obfuscate their code. The malware comes in packages mimicking legit obfuscation tools in open-source libraries, with the latest dubbed “BlazeStealer”. Once activated, it allows for a range of malicious activities, including data exfiltration, keystroke logging, and spying through webcams. The incident is part of a rising trend of attacks on developers and open-source libraries.