From bleepingcomputer.com
A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases.
The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite.