From securityweek.com
Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer.
The campaign was first detected on December 22, 2022, when a malicious package named PyroLogin was identified as Python malware designed to fetch code from a remote server and execute it silently.
Between December 28 and 31, Phylum’s security researchers observed five additional packages containing code similar to PyroLogin being published to PyPI: EasyTimeStamp, Discorder, Discord-dev, Style.py, and PythonStyles.