ESET uncovers malicious Python projects spreading via PyPI

ESET Research has discovered malicious Python projects being distributed via PyPI, an authorised Python package repository. The malware targets Windows and Linux systems, deploying a modified backdoor with cyberespionage capabilities, such as enabling remote command execution, file exfiltration, and taking screenshots. The malware was found in 53 projects, downloaded over 10,000 times in the past year. A spokesperson from ESET stated that developers should vigilantly review code before installing it from any public repository.