PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular RAT.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

A new malware campaign distributes PyStoreRAT, a modular JavaScript-based Remote Access Trojan, through fake GitHub repositories disguised as OSINT tools and development utilities. The malware uses small Python or JavaScript loaders to download and execute HTA files via mshta.exe, establishing persistence through scheduled tasks and delivering additional payloads including the Rhadamanthys information stealer. The campaign artificially inflates repository metrics and targets analysts and developers, with threat actors likely of Eastern European origin based on Russian-language artifacts.

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads