Summary: A new malicious campaign called VMConnect has been discovered on the Python Package Index (PyPI). The campaign involves 24 malicious packages that imitate popular open-source tools. The attackers displayed a more sophisticated approach by creating GitHub repositories to make their packages appear trustworthy. The malicious behavior was only detected through scanning the build artifacts. The packages were promptly removed from PyPI, but the attackers continuously replaced them, indicating an ongoing campaign. The purpose of the campaign is still unknown. Indicators of compromise have been published in the hope of shedding light on the campaign's origins and intent.

Hashtags: #VMConnect #MaliciousCampaign #PythonThreat #PyPI #SupplyChainAttack

https://www.infosecurity-magazine.com/news/vmconnect-threat-imitates-pypi/