Summary:

• **What are malicious packages?** Hackers created fake software packages on websites where programmers download tools to help them code. These fake packages were designed to trick developers into downloading them, similar to how someone might disguise a virus as a helpful program.

• **Who is behind this?** Security experts believe a dangerous hacking group called Lazarus (linked to North Korea) created these fake packages as part of a trick where they pretended to be job recruiters to target software developers and steal their information.