- A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation.
- The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data.
- The harvested credentials are sent to a remote server.
4019 links
