This guy named Tschache,Using a variation of typosquatting, he uploaded his code to 3 popular communities of developers–PyPi, RubyGems, NPM–and gave them names of the 214 most downloaded packages on.
As a result, over the span of few months, his sketchy code was executed on more than 17,000 domains and more than 45,000 times. Interestingly, more than half the time his code ran with complete administrative rights. His script was also found to affect .mil domains of the US military.
How cool he is!?

Source: http://incolumitas.com/data/...