PYPI package hiding malicious code inside image was found