According to experts, con artists have deceived PyPI Python package maintainers into disclosing their login information, then used the passwords to log in and taint the packages with malware.
Adam Johnson, a member of the Django project board who was himself targeted by the attack, corroborated the report, saying that "hundreds" of packages had been impacted.
The report claims that an unidentified threat actor sent phishing emails to package maintainers threatening to remove their packages from the platform unless they "validated" themselves. According to Johnson, clicking the email's link took the targets to a "pretty plausible" phishing website.
Dozens of contaminated packages
According to the report, several maintainers fell for it and gave the scammers their login information. It was proven that the attackers used the stolen credentials to hijack "many hundreds" of packages, which were eventually taken off the platform. The malicious code's actions include downloading a trojan and exfiltrating the machine name of the endpoint to the domain linkedopports[.]com.
According to PyPI, "We're actively investigating reports of new malicious releases, and we're making sure they're taken down and the maintainer accounts are reinstated. We're working to make security features like 2FA more commonplace across PyPI projects."
With more than 600,000 active users, PyPI is the largest Python code repository in the world and has recently come under heavy attack. Researchers discovered about a dozen "typosquat"-style malware packages less than a month ago. Typosquatting is a method of spreading malware in which the malicious package has a name that is nearly identical to the legitimate one but has a little "typo," potentially deceiving developers into downloading and using it in place of the legitimate one.
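One defensive check that follows from the typosquatting description above is to compare the dependency names a project is about to install against a list of trusted package names and flag any that are a small edit away from a trusted name without matching it exactly. The script below is an added example written for this article, not code from PyPI, BleepingComputer, or any project named here; the allowlist, the requirement lines and the near-miss names in it are constructed for illustration and do not refer to real packages.

```python
"""Flag dependency names that are suspiciously close to well-known packages.

Added example, not code from the article or from PyPI. It assumes a small
allowlist of trusted package names (a real deployment would load the
organisation's approved list) and scans constructed requirement lines.
"""
import re

# Assumed allowlist of trusted package names (constructed for the example).
TRUSTED = {"requests", "numpy", "django", "flask", "cryptography"}

# Constructed requirements.txt content; the near-miss names are invented
# for illustration and are not packages the article names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
numpy>=1.26
reqeusts==2.31.0
nunpy
django==4.2
# a comment line
flsk>=3.0
"""


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirement_names(text: str) -> list[str]:
    """Pull the bare project name out of each non-comment requirement line."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def find_suspicious(names, trusted=TRUSTED, max_distance=2):
    """Return (name, closest_trusted, distance) for names that sit within
    max_distance edits of a trusted name without matching it exactly.
    Exact matches pass; names far from every trusted name are merely
    unknown and are not flagged by this check."""
    trusted_norm = {normalize(t) for t in trusted}
    hits = []
    for raw in names:
        n = normalize(raw)
        if n in trusted_norm:
            continue
        best = min(trusted_norm, key=lambda t: levenshtein(n, t))
        d = levenshtein(n, best)
        if d <= max_distance:
            hits.append((raw, best, d))
    return hits


if __name__ == "__main__":
    for raw, best, d in find_suspicious(parse_requirement_names(SAMPLE_REQUIREMENTS)):
        print(f"{raw!r} is {d} edit(s) from trusted {best!r}; verify before installing")
```

Running it on the constructed input reports the three near-miss names and stays silent on the exact matches. The distance threshold of 2 catches single-character substitutions and the swapped-letter pattern the article describes; raising it widens the net at the cost of more false positives, so in practice the flagged names are reviewed by a person rather than blocked automatically.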
Only a few days ago, a dozen more malicious packages were found, with the intention of stealing sensitive information stored in browsers, hijacking the Discord client, stealing authentication tokens, and stealing payment information.
Via BleepingComputer