Supply chain attacks against the Python Package Index repository last week that resulted in the compromise of at least two PyPi projects were only part of a bigger campaign aimed at spreading the JuiceStealer credential-stealing malware since late last year, according to Ars Technica.