Researchers have discovered a new malicious package on the PyPI repository that uses obfuscation to hide its malicious code.