‘Culturestreak’ Malware Lurks Inside GitLab Python Package

Security researchers discovered a malicious Python file on GitLab called “culturestreak”, which exploits system resources to mine Dero cryptocurrency. Developed by Aldri Terakhir, the package runs in a continuous loop, exploiting resources without authorisation for a larger cryptomining operation. The discovery illustrates the ongoing supply chain threats posed by threat actors who poison open source packages to reach a maximum number of victims with minimal effort.