News

Devs unknowingly use “malicious” modules snuck into official Python repository

Code packages available in PyPI contained modified installation scripts.
PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys. ... Python Package Index (PyPI) module 'ctx' is one of the packages in question, with over 20,000 downloads each week.
Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a Heroku app, likely to mine AWS credentials.