The fact that the large package contains real AI libraries from the developer platform GitHub makes the threat extra problematic.
This makes it very difficult for antivirus programs to detect them, says Henrik Bergqvist, cybersecurity expert at Cisco Sweden.
Hidden among the files is the ransomware program "Luckyghost".
This gives the attacker complete control over the computer and the ability to move on to other computers in the same organization, says Bergqvist.
The advice is to be vigilant about clicking on links and to only download material from official sources.
