Researchers have identified a campaign using GitHub-hosted Python repositories to spread a new JavaScript-based Remote Access Trojan called PyStoreRAT. This malware executes various malicious commands and targets cryptocurrency files, leveraging fake tools to deceive users into downloading it. The operation shows signs of being linked to Eastern European threat actors.