Python devs targeted with dangerous phishing attacks - here's how to stay safe

The Python banner logo on a computer screen running a code editor.
(Image credit: Shutterstock / Trismegist san)

  • Developers who published projects on PyPI with their email in package metadata are being targeted
  • They are asked to "verify" their email address with a fake PyPI platform
  • The "verification" process relays login credentials to attackers

Python developers are being targeted with dangerous phishing attacks, the Python Software Foundation (PSF) has warned.

PSF said threat actors were actively targeting developers who have published projects on PyPI with their email in package metadata. These developers are receiving emails asking them to “verify” their email address on the platform, providing a link to do so.

Clicking on the link redirects the victims to a page that looks nearly identical to the real one. The real site's URL is PyPI.org, while the spoofed one is PyPJ.org, a difference small enough to slip past some people's radar. This type of fraud is called "typosquatting" and is often used in attacks.
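As an added example (not part of the original article, and not PSF or PyPI tooling), here is a small Python check that pulls links out of an email body and flags any hostname that is only a character or two away from pypi.org or python.org, which is exactly how the pypj.org lookalike would be caught. The sample email text, the distance threshold of 2, and the two-label domain trimming are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample resembling the phishing email described in the article
# (not a real message; the token value is made up).
SAMPLE_EMAIL = """Hello,
Please verify your email address to keep publishing on PyPI:
https://pypj.org/account/verify-email/?token=abc123
Questions? Visit https://pypi.org/help/ or https://docs.python.org/3/
"""

# Domains the developer actually expects mail from (assumption for this demo).
TRUSTED_DOMAINS = {"pypi.org", "python.org"}
MAX_EDIT_DISTANCE = 2  # heuristic threshold; tune for your own allow-list

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Keep the last two labels, so docs.python.org -> python.org and
    pypi.org.evil.example -> evil.example. Crude: does not handle ccSLDs
    such as co.uk (assumption acceptable for this demo)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' (near-miss of a trusted domain) or 'unknown'."""
    dom = registered_domain(urlparse(url).hostname or "")
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    if any(levenshtein(dom, t) <= MAX_EDIT_DISTANCE for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"


def find_links(text: str) -> list[tuple[str, str]]:
    """Extract every http(s) link in an email body and classify its domain."""
    return [(u, classify_url(u)) for u in URL_RE.findall(text)]
```

Anything labelled "lookalike" is the link a developer should never click; as the article advises, open PyPI directly in the browser instead.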

Disrupting the scam

The site looks almost the same as the real thing, and prompts the users to log into their accounts. However, sharing the credentials just relays them to the attackers, who can then log into the actual site, and tamper with the packages found there.

PSF is a nonprofit organization that manages and supports the Python programming language, and operates The Python Package Index (PyPI.org), the most popular package index for the programming language in the world.

Tainting legitimate PyPI packages with malware is also a common occurrence. Many Python developers trust the platform, and use the code found there in various projects. By downloading malicious packages, they can grant attackers access to their projects, and possibly even sensitive company files.

To tackle the impersonation campaign, PyPI admins added a banner to the homepage, and have reached out to CDN providers and name registrars to terminate the phishing sites.

Python developers who received such emails are advised not to click on any links and to delete the emails immediately. Those who are unsure whether the email they received is legitimate are advised to open PyPI directly in their browser instead of clicking any links in the email.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
