Phishing attack on Python package maintainers in PyPI repository

The administrators of the Python Package Index (PyPI) have warned that they have discovered a phishing campaign resembling the recent attack on package maintainers in the NPM registry. The attackers sent emails purporting to come from PyPI, asking recipients to confirm their email address.

The messages were sent from the address "noreply@pypj.org" and contained a link to an email verification form on the pypj.org website. The domain differs from the official pypi.org only by the letter "j" in place of "i", a look-alike that relies on the recipient not reading the address carefully. The content of the pypj.org site was a copy of pypi.org. There is no information yet on whether the attackers gained control of any PyPI projects. In the NPM incident, the attackers used the same technique to trick the maintainers of several large JavaScript projects and published updates with malicious code for seven NPM packages, which together account for more than 100 million downloads per week.
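The article's point is that the lure works because the phishing domain is one character away from the real one. The following check, added here as an illustration and not code from PyPI, opennet.ru or the original report, scans the sender address and every link in an email for hosts that sit within one edit of a trusted domain without actually being that domain. The trusted-domain list, the threshold of one edit, and the sample message (including its token value) are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist of legitimate domains for this example. A host that is within
# one edit of one of these but is not that domain (pypj.org vs pypi.org) is reported.
TRUSTED_DOMAINS = {"pypi.org", "python.org"}

# Captures the authority part of an http(s) URL embedded in text or HTML.
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def host_of(netloc: str) -> str:
    """Strip userinfo and port from a URL authority and normalise the host."""
    host = netloc.rsplit("@", 1)[-1].split(":", 1)[0]
    return host.lower().rstrip(".")


def is_trusted(host: str) -> bool:
    """True if the host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def lookalike_of(host: str, max_distance: int = 1):
    """Return the trusted domain this host imitates, or None if it does not."""
    if is_trusted(host):
        return None
    # Compare the registrable part (last two labels) so that www.pypj.org is caught too.
    base = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(base, trusted) <= max_distance:
            return trusted
    return None


def scan_message(raw: str):
    """Return (kind, host, imitated_domain) findings for the sender and all links."""
    msg = message_from_string(raw)
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    if "@" in sender:
        sender_domain = sender.rsplit("@", 1)[1].lower()
        hit = lookalike_of(sender_domain)
        if hit:
            findings.append(("sender", sender_domain, hit))
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for netloc in URL_RE.findall(part.get_payload()):
            host = host_of(netloc)
            hit = lookalike_of(host)
            if hit:
                findings.append(("link", host, hit))
    return findings


# Constructed sample message in the shape the article describes; the token is made up.
SAMPLE = """From: PyPI <noreply@pypj.org>
To: maintainer@example.com
Subject: Please verify your email address

Your email address needs to be verified to keep publishing packages.
Verify here: https://pypj.org/account/verify-email/?token=CONSTRUCTED-TOKEN
Documentation: https://pypi.org/help/
Unrelated link: https://example.com/
"""

if __name__ == "__main__":
    for kind, host, imitated in scan_message(SAMPLE):
        print(f"{kind}: {host} looks like {imitated}")
```

Run against the constructed sample, the scan reports both the sender domain and the verification link as look-alikes of pypi.org, while the genuine pypi.org link and the unrelated example.com link pass. In a real mail filter the allowlist would be the organisation's actual set of trusted registries and the threshold tuned against a corpus of legitimate mail, since one-edit neighbours of short domains are common.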

Source: opennet.ru
