- Developers who have published projects on PyPI with their email address in the package metadata are targeted
- They are invited to "verify" their email address on a fake PyPI site
- The "verification" process relays the submitted credentials to the attackers
Python developers are being targeted with dangerous phishing attacks, the Python Software Foundation (PSF) has warned.
The PSF said threat actors are actively targeting developers who published projects on PyPI with their email address in the package metadata. These developers receive emails asking them to "verify" their email address on the platform, with a link to do so.
Clicking the link redirects victims to a page that looks identical to the original. The legitimate URL is pypi.org; the spoofed one is pypj.org, a difference small enough to slip past some people. This type of fraud is called "typosquatting" and is commonly used in attacks.
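The one-character difference between pypi.org and pypj.org is exactly what a mail-link check can catch. The following is an added defender-side example, not code from the PSF or from the article: it extracts the links from a constructed email body, compares each host against the real index domain and flags registrable names within one edit of it as lookalikes. The sample email and the `lookalike` heuristic are assumptions for illustration; it does not cover homoglyph domains.

```python
import re
from urllib.parse import urlparse

# Hosts that really belong to the Python Package Index.
LEGIT_HOSTS = {"pypi.org", "www.pypi.org"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample of a phishing mail in the style the article describes.
SAMPLE_EMAIL = (
    "Please verify your email address for your PyPI account:\n"
    "https://pypj.org/account/verify-email/?token=CONSTRUCTED\n"
    "Questions? See https://pypi.org/help/ ."
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one substitution separates pypi.org from pypj.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for a link host."""
    host = host.lower().rstrip(".")
    if host in LEGIT_HOSTS or host.endswith(".pypi.org"):
        return "legitimate"
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    # Heuristic: the second-level label is within one edit of "pypi"
    # (pypj.org, pypi.com, ...). pypi.org.example.net is NOT caught here,
    # since its second-level label is "example".
    if levenshtein(labels[-2], "pypi") <= 1:
        return "lookalike"
    return "unknown"


def check_email_links(body: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for every http(s) link found in an email body."""
    return [(u, classify_host(urlparse(u).hostname or "")) for u in URL_RE.findall(body)]
```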
Disrupting the scam
The site looks almost like the real thing and invites users to log in to their accounts. However, submitting credentials simply relays them to the attackers, who can then log in to the real site and tamper with the packages found there.
The PSF is a non-profit organization that manages and supports the Python programming language and operates the Python Package Index (PyPI.org), the most popular package index for the language in the world.
Legitimate PyPI packages tampered with to carry malicious software are also common. Many Python developers trust the platform and use the code found there in various projects. By downloading malicious packages, they can grant attackers access to their projects, and perhaps even to sensitive corporate files.
To fight the phishing campaign, the PyPI administrators added a banner to the home page and contacted the CDN providers and domain name registrars to take down the phishing sites.
Python developers who have received such emails have been advised not to click any link and simply to delete the emails immediately. Those unsure whether an email they received is legitimate are invited to open PyPI directly in their browser instead of clicking links in the email.
Via BleepingComputer