- A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation.
- The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data.
- The harvested credentials are sent to a remote server.
 
                     
                    
                 
             
        
     
    
    
 
    4834 links