Malicious Python packages on PyPI downloaded 39,000-plus times, steal sensitive data

Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a fully automated carding script targeting WooCommerce stores.

Read more at The Hacker News