Hundreds of malicious Python packages found stealing sensitive data

Malware has been found on open-source platforms where it has been downloaded about 75,000 times. Security analysts discovered 272 packages featuring code designed to steal sensitive data. The campaign began in April 2023 and has become more advanced. The malware subverts security products, takes screenshots, steals files, and diverts cryptocurrency payments. It’s believed to have stolen about $100,000 in cryptocurrency, and users are recommended to scrutinize package publishers.