As many as eight Python packages that were downloaded more than 30,000 times have been removed from PyPI portal for containing malicious code. Software package repositories are evolving into a popular target for supply chain attacks. Researchers say lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks. Python packages in question were found to be obfuscated using Base64 encoding, and could be abused to become an entry point for more sophisticated threats.
Source: https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html