New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and code for several purposes, such as hosting C2 infrastructure, storing stolen data, and delivering second- and third-stage downloaders or rootkit programs. Threat actors were found using two open-source PyPI packages to execute code via DLL sideloading as a means of evading security monitoring tools.

Source: GBHackers

 

