Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python ... packages were uploaded to PyPI by a user called "dsfsdfds".