Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform.

Researchers from Checkmarx have uncovered a sophisticated campaign in which attackers built credibility within the Python Package Index (PyPI) community to release crypto-draining, data-stealing ...

Python Q&A site StackExchange hijacked to spread malware disguised as answers. News. By Craig Hale published 2 August 2024 Be wary of malware-ridden forums.