A malicious PyPI package named ccxt-mexc-futures has been discovered by security researchers. This package claims to extend the capabilities of the legitimate CCXT library for cryptocurrency trading, specifically for futures trading on the MEXC exchange. However, it actually hijacks user orders and steals crypto tokens. The package overrides certain API functions, redirecting trading requests to a malicious server at greentreeone.com instead of the legitimate MEXC platform. It uses obfuscation techniques to hide its malicious code and tricks users into believing their orders are being processed normally. The attackers can potentially steal API keys, secrets, and other sensitive information used for crypto trading. Users are advised to revoke any compromised tokens and remove the malicious package immediately.