An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.

Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.

The malware has been found in the French construction and government sectors and uses steganography, Tor proxy and package installer software, Proofpoint says.