DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments
ID: 4eba504b-ed62-580c-b198-866ebeecd672
STIX ID: report--4eba504b-ed62-580c-b198-866ebeecd672
Feed Name: JPCERT Blog
JPCERT/CC reports a targeted campaign by the DangerousPassword group (also known as CryptoMimic / SnatchCrypto) that injects malicious code into developer libraries, specifically a Python pyqrcode module and Node.js express files, to deploy downloader and backdoor malware on Windows, macOS, and Linux. The campaign uses obfuscation (ROT13/BASE64), scheduled execution, MSI-based droppers, DLL sideloading, and the PythonHTTPBackdoor and JokerSpy backdoors. The report provides C2 domains and numerous malware hashes as IOCs.
