Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.

Two malicious packages are targeting Bitcoin developers, and another hitting WooCommerce stores.

A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.