SentinelLabs, in collaboration with Checkmarx, has been tracking the activity and evolution of a threat actor dubbed “JuiceLedger”. In early 2022, JuiceLedger began running relatively low-key campaigns, spreading fraudulent Python installer applications with ‘JuiceStealer’, a .NET application designed to steal sensitive data from victims’ browsers. In August 2022, the threat actor engaged in poisoning open-source […]
The post PyPI phishing campaign: threat actor JuiceLedger pivots from fake apps to supply chain attacks appeared first on .