The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign.
The setup.py files contained obfuscated and encrypted code using the Fernet encryption module. Upon installation, this code would execute, triggering the retrieval of an additional payload from a remote server.
[
add
]
[
|
|
...
]