Kaspersky is warning of two such packages – ‘ultrarequests’ and ‘pyquest’ – that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics.
The malicious packages contained nearly identical code as ‘requests’, but were designed to write to a temporary file a one-liner Python script designed to fetch a next-stage script that in turn downloads and executes the final payload.