From bleepingcomputer.com
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers’ workstations into cryptomining machines.
All malicious packages were published by the same account and tricked developers into downloading them thousands of times by using misspelled names of legitimate Python projects.