For example, the attacker named the malicious packages "mplatlib" or "maratlib" instead of the real "matplotlib". In total, the infected packages have been downloaded around 5,000 times since April.
The malicious code is contained in the setup.py file of each of these packages. It causes infected computers to use either the ubqminer or T-Rex cryptominer to mine digital coin and deposit it in the following address: 0x510aec7f266557b7de753231820571b13eb31b57. Full details at Ars Technica.
PyPI has been a frequently abused repository since 2016, when a college student tricked 17,000 coders into running the sketchy script he posted there.
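Lookalike names such as "mplatlib" and "maratlib" can be caught on the defender's side before anything is installed, by comparing each requested name with the packages a project really depends on. The following is an added example, not code from the article or from PyPI; the allowlist, the 40% edit-distance threshold and the function names are assumptions for illustration.

```python
import re

# Assumption: a short allowlist of packages the team really depends on.
KNOWN_GOOD = {"matplotlib", "numpy", "requests", "pandas"}
MAX_DISTANCE_PERCENT = 40  # assumed threshold: edits allowed, as % of the longer name


def normalize(name):
    """PEP 503 normalization, so 'Matplot_Lib' and 'matplot-lib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with two DP rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def requirement_name(line):
    """Project name from one requirements.txt line; None for options and blanks."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None


def find_lookalikes(lines, known=KNOWN_GOOD, max_percent=MAX_DISTANCE_PERCENT):
    """Return (requested, resembles, distance) for names near, but not in, the allowlist."""
    known = {normalize(k) for k in known}
    findings = []
    for line in lines:
        name = requirement_name(line)
        if not name or name in known:
            continue  # exact allowlist matches are fine; only near misses are suspicious
        for good in sorted(known):
            d = edit_distance(name, good)
            if d * 100 <= max_percent * max(len(name), len(good)):
                findings.append((name, good, d))
    return findings


# Constructed sample input; the two lookalike names are the ones quoted in the article.
SAMPLE = ["numpy==1.20.2", "mplatlib", "maratlib>=0.1  # plotting", "matplotlib", "flask"]

if __name__ == "__main__":
    for requested, resembles, d in find_lookalikes(SAMPLE):
        print(f"{requested!r} resembles {resembles!r} (edit distance {d})")
```

Run it over a requirements file in CI and fail the build on any finding; a flagged name that turns out to be legitimate is resolved by adding it to the allowlist.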