As obfuscators, the tools targeted Python developers with reason to keep their code secret because it had hidden capabilities, trade secrets, or otherwise sensitive functions.

Gleaming Pisces, Unit 42 claims, is a sub-group of Lazarus. "The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk to organizations.

'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines Checkmarx researchers warn that BlazeStealer can exfiltrate information, steal passwords, disable PCs, and take over ...

Home Security Python GitHub token leak shows binary files can burn developers too by Lucian Constantin CSO Senior Writer ...

The package, called "culturestreak," originates from an active repository on the GitLab developer site from a user named Aldri Terakhir, Checkmarx revealed in a blog post Sept. 19.