From the article... The libraries were "jeIlyfish" (with an upper case I) and "python3-dateutil" (not "dateutil"). Both libraries were close spellings of the real libraries.
The lesson for developers is double check your imports! Spelling does count and there are lots of similarly named libraries (most are not malicious thankfully)
Agreed, although I think there's more than just a comparing spelling issue here. "dateutil" via pip is installed using "pip install python-dateutil". I can easily see someone thinking "python3-dateutil" is simply a Py3 compatible version of "python-dateutil". The "python3-dateutil" module imported "jeIlyfish" so my guess is that the creator banked more on people installing the fake dateutil library than directly downloading jeIlyfish.
The lesson for developers is double check your imports! Spelling does count and there are lots of similarly named libraries (most are not malicious thankfully)