Malicious code in ilovenyxx (PyPI)

The package acts as an infostealer, exfiltrating sensitive files and credentials from browser databases via Telegram...

Malicious Package

Overview The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook. Recommendation Remove the package from your system and rotate any credentials...