North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository

Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website

Malicious npm packages target Roblox devs

The campaign, discovered by researchers at ReversingLabs, uses typo-squatting and a number of sophisticated obfuscation tactics to entice users into downloading fake versions of commonly used software on npm, a popular open source software library.

Looked at from one angle, the recent attack on JumpCloud, a cloud-based identity and access management provider, was unsurprising.

Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.