When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.
It uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent.
Both packages are described as sophisticated, persistent, and dangerous.
Developers build code blocks and share with their peers via the platform.
This gives cybercriminals an opportunity to smuggle malicious code, and infect countless projects through the software supply chain.
