A malicious Python Package Index (PyPI) package named “set-utils” has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. […]
from https://www.bleepingcomputer.com/news/security/ethereum-private-key-stealer-on-pypi-downloaded-over-1-000-times/