Python Package Index (PyPI)
A recent analysis by Sonatype discovered a malicious Python Package Index (PyPI) package called "VMConnect" masquerading as the VMware vSphere "vConnector" module.
The spoofed package was found to contain malicious code designed to compromise users' systems. Further investigation revealed an ongoing campaign involving additional packages such as "ether" and "quantiumbase" with the same structures.
The VMConnect package's setup.py file contains code in the init.py file. When decoding this line, a script was discovered that connected to a URL controlled by the attacker and executed attacks on the host computer every minute.