Recent cybersecurity research has revealed significant threats within software supply chains, particularly involving malicious packages on the Python Package Index (PyPI) and npm. Kaspersky researchers identified that certain packages on PyPI contained the JarkaStealer infostealer malware, disguised as providing access to OpenAI's ChatGPT and Anthropic's Claude AI models. Meanwhile, a year-long attack on npm was uncovered, in which a seemingly benign xmlrpc library was found to exfiltrate sensitive data and mine cryptocurrency. This activity poses a serious risk to developers, especially those in the cryptocurrency sector, as highlighted by reports of keylogging and wallet theft associated with these malicious packages.
Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed https://t.co/zz43B7oOSd
Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet Theft Revealed https://t.co/RvyVpZdVyT
Malicious PyPI Package Exposes Crypto Wallets to Infostealer Code https://t.co/so58lIpO8w