The malicious package contains a Python script that visits legitimate WooCommerce sites, collects product IDs, and then adds items to the cart by invoking the store's backend. Next, it navigates ...