A New Supply Chain Threat Targeting Developers: What You Need to Know About PyStoreRAT
ID: 032ddaed-5f00-5fc0-b1f9-e693eb4b4866
STIX ID: report--032ddaed-5f00-5fc0-b1f9-e693eb4b4866
Feed Name: Morphisec Blog
Morphisec outlines the PyStoreRAT campaign: a stealthy, modular RAT delivered through weaponized GitHub repositories and lightweight Python/JS loader stubs that use fileless mshta.exe execution and obfuscated in-memory payloads. The multi-month operation leverages AI-generated repository content, social promotion, artificial star/fork inflation, and rotating C2 infrastructure, and includes deployment of the Rhadamanthys info-stealer; the report highlights supply-chain and developer-environment risks, EDR evasion, and recommends pre-execution memory-deception defenses.
