PyPI stops signing up new users to try to block the malware campaign
Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations.
Cybersecurity experts from both Checkmarx and Check Point observed a large-scale cyberattack in which threat actors attempted to upload hundreds of malicious packages to the platform, in an effort to compromise software developers and conduct supply chain attacks.
The packages mimic legitimate packages that have already been uploaded to PyPI, an attack commonly called “typosquatting”. It relies on developers being reckless and picking up the malicious version of the package, instead of the legitimate version.
While Checkmarx says the attackers tried to upload around 365 packets, Check Point claims at least 500. Regardless of the total number, the aim of the attack is to trick victims into installing an infostealer with persistence capabilities. This infostealer collects passwords stored in browsers, cookies, and cryptocurrency wallet-related information, among other things.
Registrations have been reopened
PyPi appears to have now addressed the issue, as at the time of writing registrations had been reopened.
PyPI is the world’s largest repository for open-source Python packages and as such faces a constant barrage of cyber attacks.
In late May 2023, the platform was forced to do the same as it faced an “unimaginable flood of malicious code” uploaded to the platform.
In an announcement on the PyPI status page, the organization said: “The number of malicious users and malicious projects created on the index over the past week has exceeded our ability to respond in a timely manner, especially with multiple PyPI administrators. on leave.”
It took the company all weekend to lift the suspension.
Through BleepingComputer