Given how widespread Python is, developers should vet any third-party code they use before adding it to their projects. ESET firmly believes the abuse of PyPI will continue.

But don't worry, say Python maintainers, attackers can only stall your machine even though technically it is remotely exploitable.