Researchers recently uncovered a novel attack on the Python Package Index (PyPI). In April, ReversingLabs detected a Python package that mixed malware with compiled code to evade detection by security tools that check only source code files and not compiled output.
Source: The Register
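
A defender-side check for the gap described above, as an added example that is not from ReversingLabs or The Register: it lists bytecode files in a wheel or other zip archive that ship without the `.py` source a source-only scanner would read. It assumes "compiled code" means CPython bytecode (`.pyc`); the function names, the sample archive and its file names are constructed for illustration.

```python
import importlib.util
import io
import marshal
import zipfile
from pathlib import PurePosixPath

BYTECODE_SUFFIXES = {".pyc", ".pyo"}

def expected_source(member):
    """Path of the .py file a bytecode member should have been compiled from."""
    p = PurePosixPath(member)
    # __pycache__/loader.cpython-311.pyc belongs to ../loader.py
    parent = p.parent.parent if p.parent.name == "__pycache__" else p.parent
    return str(parent / (p.name.split(".")[0] + ".py"))

def orphan_bytecode(archive_bytes):
    """List (member, looks_like_pyc) for bytecode shipped without its source."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = set(zf.namelist())
        for member in sorted(names):
            if PurePosixPath(member).suffix not in BYTECODE_SUFFIXES:
                continue
            if expected_source(member) in names:
                continue  # source is present, so a source scanner covers it
            with zf.open(member) as fh:
                header = fh.read(4)
            # A CPython .pyc header starts with a 2-byte version tag + b"\r\n"
            findings.append((member, header[2:4] == b"\r\n"))
    return findings

def build_sample_wheel():
    """Constructed archive: one normal module, one bytecode-only module."""
    code = compile("x = 1", "<constructed>", "exec")
    pyc = importlib.util.MAGIC_NUMBER + bytes(12) + marshal.dumps(code)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/__init__.py", "")
        zf.writestr("pkg/loader.py", "x = 1\n")
        zf.writestr("pkg/__pycache__/loader.cpython-311.pyc", pyc)
        zf.writestr("pkg/full.pyc", pyc)  # no pkg/full.py anywhere
    return buf.getvalue()

if __name__ == "__main__":
    for member, is_pyc in orphan_bytecode(build_sample_wheel()):
        print(f"review: {member} (valid pyc header: {is_pyc})")
```

A finding here is a prompt for manual review or decompilation, not a verdict: the check only establishes that the file falls outside what a source-only scanner inspects.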