Cybersecurity investigators have identified a harmful Python package in the Python Package Index (PyPI) repository that is capable of extracting a victim’s Ethereum private keys by mimicking well-known libraries.
The package under scrutiny is set-utils, which has amassed 1,077 downloads so far. It is no longer accessible for download from the official repository.
“Concealed as a basic utility for Python