Calling libraries "malicious" and "malware" simply because they interact with web service APIs in an unauthorized way, or because they could potentially be used for nefarious purposes, is a pretty serious overstatement.<p>Would I use these libraries in an application I was writing? Probably not. But I don't see any evidence of <i>malice</i> here, like exfiltrating the usernames/passwords to a third party or executing code from an unexpected source. At best, these libraries are <i>potentially unwanted</i>, not <i>malicious</i>.