Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

2024-09-30 Poly Swarm

https://blog.polyswarm.io/labyrinth-chollima-using-poisoned-python-packages-to-deliver-pondrat


PolySwarm summarizes Unit 42 reporting on Labyrinth Chollima using poisoned Python packages on PyPI to deliver PondRAT to developer systems. The campaign targets software development supply chains by running an encoded next stage during package installation, retrieving the payload from C2, and executing Linux and macOS backdoors. PondRAT can upload and download files, check implant activity, sleep, and execute commands, while Unit 42 also identified a new Linux variant of PoolRAT. The attribution to Labyrinth Chollima rests on code and execution-flow similarities with AppleJeus-linked macOS malware and overlaps between PondRAT and PoolRAT.
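The install-time execution the summary describes is what a defender can look for before a package ever reaches a developer machine. The following scanner is an added example written for this page (it is not PolySwarm's or Unit 42's code and makes no claim about the actual packages in the campaign): it parses a setup.py with Python's ast module and flags the patterns that let code run during pip install or hide what that code is: custom setuptools install commands registered via cmdclass, exec/eval calls, imports of modules such as base64 or subprocess, and long base64-looking string literals. The sample setup.py embedded below is constructed for the demonstration; its encoded string decodes to a harmless print statement and is never executed by the scanner.

```python
import ast
import base64
import re
from dataclasses import dataclass

# Names whose presence in a setup.py deserves review: they either run code at
# install time or obscure what that code does. Tune the sets for your own policy.
SUSPICIOUS_CALLS = {"exec", "eval", "compile", "__import__"}
SUSPICIOUS_MODULES = {"base64", "subprocess", "os", "urllib", "requests", "socket", "zlib", "marshal"}
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py"}

_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


@dataclass
class Finding:
    line: int
    reason: str


def looks_like_base64(s: str) -> bool:
    """True if s is a well-formed base64 string (alphabet, length and padding all valid)."""
    if len(s) % 4 != 0 or not _B64_RE.match(s):
        return False
    try:
        base64.b64decode(s, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def scan_setup_py(source: str) -> list[Finding]:
    """Statically inspect setup.py source for install-time execution hooks and obfuscation."""
    tree = ast.parse(source)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SUSPICIOUS_MODULES:
                    findings.append(Finding(node.lineno, f"imports {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in SUSPICIOUS_MODULES:
                findings.append(Finding(node.lineno, f"imports from {node.module}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in SUSPICIOUS_CALLS:
                findings.append(Finding(node.lineno, f"calls {node.func.id}()"))
            # setup(..., cmdclass={...}) replaces the standard install/build commands
            # with the package's own classes, so their run() executes during pip install.
            if node.func.id == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        findings.append(Finding(kw.value.lineno,
                                                "setup() registers custom cmdclass (code runs during install)"))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", "")
                if name in SETUPTOOLS_COMMANDS:
                    findings.append(Finding(node.lineno,
                                            f"class {node.name} subclasses setuptools {name} command"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and len(node.value) >= 40:
            if looks_like_base64(node.value):
                findings.append(Finding(node.lineno, "long base64-looking string literal"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample for this example, not a real package from the campaign.
# The base64 string decodes to: print('constructed sample, not a payload')
SAMPLE_SETUP_PY = """\
import base64
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("cHJpbnQoJ2NvbnN0cnVjdGVkIHNhbXBsZSwgbm90IGEgcGF5bG9hZCcp"))

setup(name="demo-package", version="0.1", cmdclass={"install": PostInstall})
"""

if __name__ == "__main__":
    for finding in scan_setup_py(SAMPLE_SETUP_PY):
        print(f"setup.py:{finding.line}: {finding.reason}")
```

A hit on any single pattern is not proof of malice (legitimate packages do subclass install), but a custom install command that decodes and exec()s a string is exactly the shape worth quarantining for manual review in a package-ingestion pipeline.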

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  3c8dbfcbb4fccbaf924f9a650a04cb4…   2024-09-09  2024-12-27
HASH  0b5db31e47b0dccfdec46e74c0e70c6…   2024-09-09  2024-12-27
HASH  5c907b722c53a5be256dc5f96b755bc…   2024-09-09  2024-12-27
HASH  bfd74b4a1b413fa785a49ca4a9c0594…   2024-09-09  2024-12-27
HASH  f3b0da965a4050ab00fce727bb31e0f…   2024-09-09  2024-12-27
