Sonatype spots another PyPI package behaving badly

Identity of a real person was used to lend credence to a package that dropped cryptominer in memory

Sonatype has unearthed yet more malware lurking on PyPI, this time a fileless Linux nasty designed to mine Monero and using the identity of a real person to lend credibility to the package.…

from The Register