Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question areaptx,bingchilling2,httops, andtkint3rs, all of which were collectively downloaded about 450 times before they were taken down. While