Malicious software libraries found in PyPI
An advisory from the National Security Authority of Slovakia warns that they have found fake packages in PyPI, posing as well known libraries. "Copies of several well known Python packages were published under slightly modified names in the official Python package repository PyPI (prominent example includes urllib vs. urrlib3, bzip vs. bzip2, etc.). These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code." The administrators of PyPI were informed and the fake packages are gone now; however, they were available from June 2017 to September 2017. (Thanks to Paul Wise)