When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The loader, hidden behind seven layers of obfuscation, drops a modified version of the open source BlackCap-Grabber.
BlackCap-Grabber also performs a long series of additional malicious activities, the researchers added.
GitHub has a way to tackle the problem, it was said.
Using artificial intelligence, it manages to stop the vast majority of cloned packages before ever reaching the platform.
However, 1% survive, amounting to thousands of malicious repos it was said.
ViaArs Technica
