Phony PyPi package imitates known developer
Security researchers at Snyk have discovered a malicious Python Package Index (PyPI) package, raw-tool, that attempts to imitate a known open source developer through identity spoofing. Upon further analysis, the team found that the package was hiding malicious behavior using base64 encoding, reaching out to malicious servers, and executing obfuscated code. Snyk security researchers use both static and dynamic analysis techniques to uncover such malicious packages in open source ecosystems. The combination of these two methods allows for more accurate detection of suspicious behaviors and a better understanding of the current state of malware in open source package indexes.
Company
Snyk
Date published
Oct. 5, 2022
Author(s)
Elliot Ward
Word count
1031
Language
English
Hacker News points
None found.