Supply Chain Attack via New Malicious Python Package, “shaderz”
This Python package was published on December 2, 2022, as shown in its official PyPI repository. The package includes malicious code in its setup.py installation script that downloads and runs an executable file as a part of its installation.