Security researchers are alerting about an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer. The attackers have been active since October 2022. The attack was uncovered by investigators on 01 November 2022, with the attackers copying existing popular libraries and injecting a malicious ‘import’ statement into them. The purpose of the injected code is to infect the victim’s machine with a script that runs in the background. The script, which f
