Cybersecurity researchers have identified malicious packages on PyPI and npm that target developers by stealing sensitive data, including credentials and environment variables. These threats demonstrate sophisticated multi-stage attack methods and emphasize the importance of vigilant security practices in open-source development environments. #chimera-sandbox-extensions #Pypi #npm #PulsarRAT #slopsquatting
Key points
- A malicious package called chimera-sandbox-extensions targets Chimera Sandbox users by stealing sensitive information.
- The malware employs a domain generation algorithm (DGA) and multi-stage payloads to evade detection.
- npm packages such as eslint-config-airbnb-compat and solders, which were used for remote code execution, have been taken down after widespread downloads.
- Complex obfuscation techniques conceal payloads, including a RAT hidden within a PNG image, to avoid security detection.
- Open-source supply chain threats now include credential stealers, cryptojackers, and slopsquatting that exploits AI-generated package names.
Read More: https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html