Malicious Chimera Turns Larcenous on Python Package Index
www.darkreading.com/applicati…
A malicious package recently uploaded to the Python Package Index (PyPI) is the latest manifestation of the growing sophistication of software supply chain threats.
Security researchers at JFrog recently discovered the multistage attack malware, “chimera-sandbox-extensions,” lurking on the repository and have surmised it was most likely targeting organizations using chimera-sandbox for developing and testing code for artificial intelligence. An attacker with the username “chimera” appears to have uploaded the package to PyPI.