Company:
Date Published:
Author: Andrey Polkovnychenko, Security Researcher
Word count: 3139
Language: English
Hacker News points: None

Summary

The JFrog Security Research team uncovered a new malware payload in the PyPI repository, notable for being written in C#, which is unusual for a primarily Python-focused platform. The discovery highlighted the potential for cross-language malware attacks: 22 malicious packages were identified, designed to target both Windows and Linux systems by executing different payloads based on the operating system. The Windows payload is a variant of the WhiteSnake malware capable of anti-debugging, communication with a command and control server via Tor, and data theft, while the Linux payload is a simpler Python script that steals information and sends it to a Telegram chat. The JFrog team uses automated tools to monitor open-source software repositories, alerts maintainers and the community to vulnerabilities and threats, and updates its database to protect clients against such malicious campaigns.