PyPI Suspends Registration of New Users and Projects Due to Malicious Activity

The PyPI (Python Package Index) Python package repository has temporarily stopped registering new users and projects. The reason is a surge in attacker activity aimed at publishing packages that contain malicious code. With several administrators on vacation, the volume of malicious projects registered last week exceeded the remaining PyPI team's ability to respond quickly. The developers plan to rebuild some of the verification processes over the weekend, after which registration in the repository will be reopened.

According to the Sonatype malware monitoring system, in March 2023, 6933 malicious packages were found in the PyPI catalog, and in total, since 2019, the number of detected malicious packages has exceeded 115. In December 2022, an attack on the NuGet, NPM, and PyPI catalogs resulted in the publication of 144 packages of phishing and spam code.

Most malicious packages disguise themselves as popular libraries through typosquatting (registering similar names that differ in a few characters, for example exampl instead of example, djangoo instead of django, or pyhton instead of python); attackers rely on inattentive users who made a typo or did not notice the difference in the name when searching. The malicious payload usually amounts to exfiltrating confidential data found on the local system by locating typical files that hold passwords, access keys, crypto wallets, tokens, session cookies and other sensitive information.
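The name-similarity trick described above is also what a defender can check for before a dependency is installed. The following is an added example, not code from the article or from PyPI: it normalises package names the way PyPI does (PEP 503), measures edit distance with adjacent transpositions counted as one edit (so pyhton is one step from python), and flags any requirement whose name is within one edit of a vetted popular package without being an exact match. The popular-package list and the sample requirement lines are constructed for the example.

```python
"""Flag requirement names that look like typosquats of popular packages.

Added example (not from the original article). POPULAR_PACKAGES and the
sample requirements below are constructed data; in practice the list would
be an organisation's vetted dependency inventory.
"""
from __future__ import annotations

import re

# Constructed allow-list of well-known package names (assumption).
POPULAR_PACKAGES = {"requests", "django", "python", "example", "numpy", "flask"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance.

    Counts insertions, deletions, substitutions and adjacent transpositions,
    so 'pyhton' vs 'python' scores 1 rather than the plain Levenshtein 2.
    """
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_typosquat_candidate(name: str, popular=POPULAR_PACKAGES, max_distance: int = 1):
    """Return the popular package that `name` is suspiciously close to, or None.

    An exact (normalised) match is legitimate; anything within `max_distance`
    edits of a popular name without matching it exactly is flagged.
    """
    n = normalize(name)
    if n in {normalize(p) for p in popular}:
        return None
    best = None
    for p in popular:
        dist = osa_distance(n, normalize(p))
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (p, dist)
    return best[0] if best else None


def scan_requirements(lines):
    """Scan requirement lines ('name==1.2.3', 'name>=1') and return (name, lookalike) pairs."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if not m:
            continue
        name = m.group(1)
        target = find_typosquat_candidate(name)
        if target:
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    # Constructed sample requirements using the misspellings named in the article.
    sample = ["requests==2.31.0", "exampl", "djangoo>=4.2", "pyhton", "numpy  # fine"]
    for bad, good in scan_requirements(sample):
        print(f"{bad!r} looks like a typosquat of {good!r}")
```

A distance threshold of 1 keeps false positives low for short names; for an inventory of thousands of packages it is worth raising it only for long names, and an exact match against the vetted list should always take precedence over any similarity score.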

Source: opennet.ru