
Checkmarx Uncovers Multi-Ecosystem Attack Using Fake Python and NPM Packages
Checkmarx has discovered a multi-ecosystem attack utilizing fake Python and NPM packages to install backdoors on Windows and Linux. These backdoors enable data theft and remote control. The malicious packages were found on PyPI and the NPM registry, impacting users of these platforms. The attack exploits the software supply chain to compromise victims' systems.