A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI).
These packages Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb-were ingeniously designed to exploit Gmail’s SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute arbitrary commands on compromised machines.
https://gbhackers.com/seven-malicious-p ... mail-smtp/