There is a brand new hack out there that has very quietly affected many of people. Malicious developers uploaded slightly misspelled library names in Python’s package installer PyPi. Prominent examples include urllib vs. urrlib3, bzip vs. bzip2, etc.). These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code. It is very similar to what happens when you type in http://cnnn.com/ vs. http://cnn.com/
Possible fix: https://github.com/williamforbes/pypi_hacked_names
Source: http://www.bytelion.com/pypi-python-package-hack/
More info: https://news.ycombinator.com/item?id=15256121