A researcher going by the handle mschwager on GitHub demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform code execution when the package is installed.

Do you have a Python application you want to give to the world, or at least your teammates? Here are six ways to package Python applications for distribution.

ESET communicated with PyPI to take action against the remaining ones and all of the known malicious packages are now offline. The full list of 116 packages can be found in our GitHub repository.