`spam` project on PyPI compromised, malicious releases made

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

PT-2024-40032 · Pypi · Spam

Name of the Vulnerable Software and Affected Versions: spam project on PyPI affected versions not specified Description: The issue concerns a compromise of the spam project on PyPI via a phishing attack, leading to a malicious release that downloads and runs malware at install time by accessing...