Researchers from Sonatype found the crypto-crypto in the official PyPI repository.
The investigation revealed that a high school student had uploaded the malware to the repository, and that any user of the packages was a victim of the ransomware.
Information security specialists found malicious packages requesys, requesrs and requesr in the PyPI repository, posing as the popular requests package. It is noted that the malware encrypted user data, but did not demand a ransom and redirected victims to a Discord server with decryption keys.