PyPI stops signing up new users to try and block malware campaign

Pls share this post


Listen to this article

Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations.

Cybersecurity experts from both Checkmarx and Check Point observed a large-scale cyberattack in which threat actors tried to upload hundreds of malicious packages to the platform, in an attempt to compromise software developers and mount supply chain attacks.

The packages mimic legitimate ones already uploaded to PyPI, an attack usually called “typosquatting”. It relies on developers being reckless and picking up the malicious version of the package, instead of the legitimate one.

READ ALSO 
'The most powerful machine yet assembled on Earth': China quietly launched record-breaking supercomputer — and someone virtually deconstructed its processor

While Checkmarx says the attackers tried to upload some 365 packages, Check Point claims at least 500. Regardless of the total number, the attack’s goal is to get the victims to install an infostealer with persistence capabilities. This infostealer grabs, among other things, passwords stored in browsers, cookies, and cryptocurrency wallet-related information.

Registrations reopened 

PyPi seems to have addressed the issue in the meantime, as at the time of writing, registrations were reopened.

PyPI is the world’s biggest repository for open-source Python packages, and as such, is facing a constant barrage of cyberattacks.

In late May 2023, the platform was forced to do the same thing, as it faced an “unimaginable flood of malicious code” being uploaded to the platform.

READ ALSO  Domain registrars can now block users from registering typo-laden domains for nefarious purposes

In an announcement posted on the PyPI status page, the organization said: “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.”

It took the company the entire weekend to lift the suspension.

Via BleepingComputer

More from TechRadar Pro

Source



Pls share this post
Previous articleTax expert warns over ‘ripple effects’ of Baltimore bridge collapse: Economic damage ‘hard to comprehend’
Next articleTesla CEO Elon Musk: His career, life, and companies he started