ReversingLabs has identified a novel attack on #PyPI using compiled #Python code to evade detection in the #SupplyChain: https://www.reversinglabs.com/blog/when-python-bytecode-bites-back-who-checks-the-contents-of-compiled-python-files
When byte code bites: Who checks the contents of compiled Python files?
ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
Karlo Zanki (ReversingLabs)