The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects.
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query parameter to a heroku application running at https://anti-theft-web.herokuapp.com. If you installed the package between May 14, 2022 and May 24, 2022, and your environment variables contain …