The malicious package, called “requests-darwin-lite”, was a fork of the popular “requests” Python package. The attacker used the cmdclass feature in the setup.py file to customize the package installation process.
This article has been indexed from Cyware News – Latest Cyber News