It's nothing new; using programming library distribution is a common way to spread malware.
Unfortunately this is true, and there is nothing we can do to cut off this route.
We can recognize that PyPI's review processes don't suffice to fence off supply chain attacks, and look for software distribution mechanisms that do this better.