The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious ...

The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.

Hidden Risk PyPI is one of the most popular Python package repositories in the world, with millions of daily downloads and a half-million hosted packages.