
PyPI maintainers warn of ongoing phishing attack

The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet.

A phishing email is sent to users claiming that PyPI is implementing a mandatory ‘validation’ process and that users must follow a link or risk having their package removed.

The maintainers have confirmed that the email is fake and that only projects “which violate our TOS or are in some way determined to be harmful (e.g., malware)” will ever be removed.

If PyPI users follow the link they’ll be taken to a page mimicking the index’s official login page to steal credentials. PyPI says that it has determined that some maintainers of legitimate projects have been compromised.

Malware was published as the latest release of the compromised projects. Those releases have been removed from PyPI, and the relevant maintainer accounts have been temporarily frozen.

“This malware is untypically large, ~63MB, (possibly in an attempt to evade AV detection) and has a valid signature (signed on August 23rd, 2022),” wrote Checkmarx researcher Aviad Gershon in an analysis.


Source developer-tech.com
