Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting 183 downloads.