More information about the operators behind the first-known phishing campaign has surfaced by JuiceLedger Hackers, specifically aimed at the Python Package Index (PyPI), the programming language’s official third-party software repository.

SentinelOne and Checkmarx described the group as a relatively new entity that surfaced in early 2022, linking it to a threat actor tracked as JuiceLedger.

Initial “low-key” campaigns are said to have used rogue Python installer applications to deliver JuiceStealer, a.NET-based malware designed to siphon passwords and other sensitive data from victims’ web browsers.

Last month, the attacks received a significant boost when JuiceLedger actors launched a phishing campaign against PyPi package contributors, compromising three packages with malware.

SentinelOne researcher Amitai Ben Shushan Ehrlich wrote in a report: “The supply chain attack on PyPI package contributors appears to be an escalation of a campaign that began earlier this year, targeting potential victims through fake cryptocurrency trading applications,”

According to the cybersecurity firm, the goal is to infect a larger audience with the infostealer using a combination of trojanized and typosquat packages.


The development adds to growing concerns about the open source ecosystem’s security, prompting Google to announce monetary rewards for discovering flaws in publicly available projects.

With account takeover attacks becoming a popular infection vector for attackers looking to poison software supply chains, PyPI has begun requiring two-factor authentication (2FA) for “critical” projects.


According to SentinelOne, “JuiceLedger appears to have evolved very quickly from opportunistic, small-scale infections only a few months ago to conducting a supply chain attack on a major software distributor.”


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center