An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.

Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.

The malware has been found in the French construction and government sectors and uses steganography, Tor proxy and package installer software, Proofpoint says.