A malware campaign described through InvisibleFerret shows how recruiting lures and native-looking Python artifacts can collide inside a developer workflow.