Security researchers say this case shows how potentially vulnerable organizations are when they depend on the security practices of open source maintainers.
Researchers with Google’s security arm say they have been dealing with a particularly nasty Chinese disinformation group responsible for hundreds of thousands of malicious accounts.
Security pros say teams need to monitor for changes in the threat landscape and gain visibility to this evolving malware trend via frequent audits and purple team exercises.