The Python Package Index (also known as PyPI or the Cheese Shop), Python's package repository, has been targeted by malicious actors. Researchers at ReversingLabs have discovered the most recent attack against the repository. The malware resides in a module named “libpeshnx,” which is similar to an earlier module. The actual backdoor mechanism is simple, involving a call to a command-and-control server followed by a wait to be activated. Security professionals need to understand that these code repositories are critical pieces of their software supply chain.
Source: https://www.darkreading.com/application-security/malware-in-pypi-code-shows-supply-chain-risks

