Malicious Package
All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Remove the package from your environment and rotate affected credentials.