The Python security team removed two trojanized Python libraries from PyPI that were stealing SSH and GPG keys from the projects of infected developers.