The story normally is “hackers place malicious code into legitimate projects on software repository”. This is a favourite threat actor tactic as it can infect many users, when software developers, unintentional, distribute the malicious code with their projects.
This story however is how threat actors are using these platforms to distribute and improve their malicious code before it is deployed:
Python Libraries Used for Malicious Purposes – SANS Internet Storm Center
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
How much are you relying on your web designer to protect your reputation? – CyberAwake