Severity: Critical
CVSS Score: 9.3
A PyPI user account compromised by an attacker and was able to upload a malicious version (1.1.5.post1) of the `dydx-v4-client` package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible because it is tucked away inside 100 layers of encoding, the structural design—specifically the use of recursive decompression followed by an `exec()` call is a definitive indicator of malicious software, likely a "Crypter" or "Dropper" masquerading as a cryptocurrency-related utility with the intent on connecting to hxxps://dydx[.]priceoracle[.]site/py to download and execute further payloads. Users of the `dydx-v4-client` package should immediately uninstall version 1.1.5.post1and revert to the last known good version (1.1.5) or later secure versions once available. Additionally, users should monitor their systems for any unusual activity and consider running security scans to detect any potential compromise.