https://arstechnica.com/security/2024/07/code-sneaked-into-fake-aws-downloaded-hundreds-of-times-backdoored-dev-devices/
If other developers didn't detect the malware, what are the chances that a one-man shop would have the resources to do that.
Mario, good on you for avoiding Open Source. There is big, big money in cybercrime and it is safer than dealing drugs, bank robberies, or gambling rackets.