Researchers found three malicious PyPI packages: two targeting bitcoin developers and one targeting WooCommerce stores
Two are designed to steal data, and the third to test for valid credit cards
All three have since been removed from the repository
Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely compromising thousands of devices, experts have warned.
Cybersecurity researchers at ReversingLabs found two malicious packages, “bitcoinlibdbfix” and “bitcoinlib-dev”, which cumulatively have around 2,000 downloads.