PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted

Share:

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice.

“The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave,” the admins said in a notice published on May 20, 2023.

No additional details about the nature of the malware and threat actors involved in publishing those rogue packages to PyPI were disclosed.

The decision to freeze new user and project registrations comes as software registries such as PyPI have proven time and time again to be a popular target for attackers looking to poison the software supply chain and compromise developer environments.

Earlier this week, Israeli cybersecurity startup Phylum uncovered an active malware campaign that leverages OpenAI ChatGPT-themed lures to bait developers into downloading a malicious Python module capable of stealing clipboard content in order to hijack cryptocurrency transactions.

ReversingLabs, in a similar discovery, identified multiple npm packages named nodejs-encrypt-agent and nodejs-cookie-proxy-agent in the npm repository that drops a trojan called TurkoRat.

 

(c) Ravie Lakshmanan

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

loader-image
Austria, AT
2:55 am, Dez. 29, 2024
weather icon 0°C
L: 0° H: 0°
clear sky
Humidity 80 %
Pressure 1032 mb
Wind 6 mph S
Wind Gust Wind Gust: 4 mph
UV Index UV Index: 0
Precipitation Precipitation: 0 mm
Clouds Clouds: 0%
Rain Chance Rain Chance: 0%
Visibility Visibility: 10 km
Sunrise Sunrise: 7:53 am
Sunset Sunset: 4:23 pm
DailyHourly
Daily ForecastHourly Forecast
Nach oben scrollen