It's nothing new; using programming library distribution is a common way to spread malware. Although it's weird that a malicious package called "disgrasya" was downloaded over 37K times, when searching "disgrasya" on Google leads to dictionary/language websites rather than programming websites.
P.S. I don't think this thread belongs in "Beginners & Help", since average people don't need to install Python packages manually.