JuiceLedger is a cybercriminal group that emerged in early 2022, primarily motivated by financial gain through information theft. The group initially conducted low-key campaigns using fraudulent Python installer applications and fake cryptocurrency trading applications to spread its custom infostealer, JuiceStealer. JuiceLedger rapidly evolved its attack methodology, notably executing the first known phishing campaign against the Python Package Index (PyPI) in August 2022. This unique pivot to supply chain attacks, involving targeted phishing against PyPI contributors and typosquatting of hundreds of packages, demonstrated a significant escalation in their capabilities and resourcefulness, distinguishing them as an actor capable of compromising major software distribution channels for broader victim infection. The group’s operations are centered on stealing sensitive data rather than encrypting systems for ransom.