In an unprecedented move that will surely astound the nation’s greatest tech minds, a series of GitHub-hosted Python repositories have decided to switch careers. Once known as development utilities and OSINT tools, these repos have now decided to moonlight as distributors of a Magic-School-Bus-like excursion into malware heaven—delivering a new JavaScript-based Remote Access Trojan (RAT) known as PyStoreRAT. Because why settle for just facilitating open-source innovation when you can also casually cultivate a malware ecosystem?

Our friendly GitHub repositories, taking their job descriptions a little too liberally, contain just a smattering of code. This minimalist masterpiece cleverly acts as a concierge, silently ushering in a remote HTA file, like a 5-star butler in a fancy mansion, except the mansion is your computer, and the butler brought a flamethrower.

Cybersecurity researchers, who were originally just looking for a quiet day at the office, are reportedly unimpressed by yet another RAT in their lives. They noted that these repos are hiding their true ambitions behind the thin veneer of Python scripts, proving once more that you shouldn’t trust anything that asks you to ‘pip install’ unless you enjoy living on the edge—of a cyber cliff.