Hundreds of malicious Python packages found stealing sensitive data
Checkmarx’s Supply Chain Security team has been monitoring a malicious campaign that has planted hundreds of info-stealing packages on open-source platforms. The packages have been downloaded roughly 75,000 times, and their code steals sensitive data from targeted systems. The authors have added layers of obfuscation and evasion techniques to their code, making the packages more sophisticated and difficult to detect. The campaign has directly stolen about $100,000 in cryptocurrency to date.