PyPI maintainers warn of ongoing phishing attack

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet.

A phishing email is sent to users warning that PyPI is implementing a mandatory ‘validation’ process and that users must follow a link or risk their package being removed:

The maintainers have confirmed that the email is fake and that only removing projects “which violate our TOS or are in some way determined to be harmful (e.g., malware)” will ever be removed.

If PyPI users follow the link they’ll be taken to a page mimicking the index’s official login page to steal credentials. PyPI says that it has determined that some maintainers of legitimate projects have been compromised.

Malware has been published as the latest release for compromised projects so they’ve been removed from PyPI and the relevant maintainer accounts have been temporarily frozen.

“This malware is untypically large, ~63MB, (possibly in an attempt to evade AV detection) and has a valid signature (signed on August 23rd, 2022),” wrote Checkmarx researcher Aviad Gershon in an analysis.

(Photo by Scott Rodgerson on Unsplash)

Related: PyPI package installs cryptominer on Linux systems

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *