Some PyPI packages were compromised because developers were caught by phishing emails.

The phishing campaign targeted maintainers of Python packages published in the PyPI registry.

The compromised package versions include "spam" (versions 2.0.2 and 4.0.2) and "exotel" (version 0.1.6). These versions have been removed from PyPI.

The malicious code inserted into the compromised versions sends the user's computer name to the linkedopports[.]com domain, and then downloads and launches a trojan that, by sending requests to the same domain.
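To check whether a project depends on the versions named above, the following added example (not code from the article or from PyPI) scans requirements-style lines and reports both exact pins and version ranges that would have admitted a compromised release. The names `scan`, `COMPROMISED` and `SAMPLE` are assumptions of this example, the sample lines are constructed, and only plain numeric versions are handled.

```python
import re
# Releases the article names as compromised (package -> versions).
COMPROMISED = {"spam": ("2.0.2", "4.0.2"), "exotel": ("0.1.6",)}

REQ = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
CLAUSE = re.compile(r"(==|~=|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)(\.\*)?$")

def _cmp(a, b):
    """Compare dotted numeric versions, zero-padded so 1.0 equals 1.0.0."""
    a, b = [int(x) for x in a.split(".")], [int(x) for x in b.split(".")]
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return (a > b) - (a < b)

def _admits(op, ver, wildcard, cand):
    """True if the single specifier clause `op ver` allows version `cand`."""
    if wildcard or op == "~=":
        prefix = ver.split(".") if wildcard else ver.split(".")[:-1]
        same = cand.split(".")[:len(prefix)] == prefix
        if op == "~=":
            return same and _cmp(cand, ver) >= 0
        return same if op == "==" else not same
    c = _cmp(cand, ver)
    return {"==": c == 0, "!=": c != 0, "<=": c <= 0,
            ">=": c >= 0, "<": c < 0, ">": c > 0}[op]

def scan(lines):
    """Return (line_no, package, version, kind) for each requirement line that
    pins ('pinned') or could resolve to ('allowed') a compromised release."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQ.match(line)
        if not m:
            continue  # comments, blank lines, pip options
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 form
        spec = m.group(2).split(" --")[0]  # drop trailing --hash options
        parsed = [CLAUSE.match(c.strip()) for c in spec.split(",") if c.strip()]
        for bad in COMPROMISED.get(name, ()):
            # A clause that does not parse counts as admitting: flag, not miss.
            if all(p is None or _admits(p[1], p[2], p[3], bad) for p in parsed):
                exact = len(parsed) == 1 and parsed[0] and parsed[0][1] == "=="
                kind = "pinned" if exact and not parsed[0][3] else "allowed"
                findings.append((no, name, bad, kind))
    return findings

# Constructed sample requirements file (not from the article).
SAMPLE = ["# deps", "requests==2.31.0", "spam==2.0.2", "Exotel>=0.1,<0.2  # range",
          "spam[extra]~=4.0 ; python_version >= '3.8'", "exotel!=0.1.6"]
print(*scan(SAMPLE), sep="\n")
```

An "allowed" finding means the requirement did not exclude the release, so any environment resolved while that release was still available should be inspected with `pip freeze` or the lock file.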