Several individual developers seem to have noticed it at around the same time with Step and Socket pointing to different people in their blogs.

And then vendors from Socket, Aikido, and Step all seem to have detected it via their upstream malware detection feeds - Socket and Aikido do AI code analysis, and Step does eBPF monitoring of build pipelines. I think this was widespread enough it was noticed by several people.