PyPI Attack Delivers JarkaStealer Malware via AI-Labeled Libraries

Cybersecurity researchers have uncovered malicious Python libraries on PyPI impersonating ChatGPT and Claude AI APIs to distribute JarkaStealer, a Java-based malware. The packages, downloaded thousands of times, targeted developers by exploiting the popularity of AI tools. Once installed, the malware stole sensitive data, including session tokens, browser information, and system details. This incident highlights ongoing risks in open-source software supply chains.

Read more about this threat on The Hacker News here.