Security researchers have discovered two malicious packages on PyPI, the Python Package Index.
The packages, Zebo-0.1.0 and Cometlogger-0.1, hide harmful features behind complex logic and obfuscation.
Zebo-0.1.0 is designed for surveillance, data exfiltration, and unauthorized control, while Cometlogger-0.1 involves dynamic file manipulation, infostealing, and anti-VM checks.
Developers are advised to exercise caution and verify third-party scripts before running them.