A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. [...]
http://dlvr.it/SlPCvx
http://dlvr.it/SlPCvx