Highly invasive malware disguised as obfuscation tools targets developers, installing payloads that give attackers control of their machines. Eight separate packages, including the most recent "pyobfgood," were downloaded over 2,300 times, primarily in the US. Malicious payloads include stealing data, downloading additional malware, and secretly taking web camera photos, with mocking messages sent back to Discord channels.

https://arstechnica.com/security/2023/11/developers-targeted-with-malware-that-monitors-their-every-move/