A malicious PyPI package called sympy-dev was discovered impersonating the legitimate SymPy mathematics library to distribute cryptomining malware. The fake package used similar branding and metadata to trick developers into installing it, and gained over 1,000 downloads within its first day. Once installed, the malware injected code into math functions that would covertly fetch and execute an XMRig cryptominer in memory, helping the attacker hijack computing resources while evading detection.