PyPI temporarily stops new user registration due to malware attacks

Python Package Index (PyPI), the world’s largest Python package repository, has stopped registering new accounts and projects again.

Cybersecurity experts from Checkmarx and Check Point have detected a large-scale attack in which attackers attempted to upload hundreds of malicious packages to the platform. This tactic, known as “typosquatting,” involves publishing malicious packages under names that imitate popular ones, in order to compromise software developers and attack supply chains.

According to Checkmarx, the attackers attempted to upload about 365 packages, while Check Point claims that the number could exceed 500. The purpose of the attacks is to gain unauthorized access to users’ systems and steal confidential data, including passwords, cookies, and information about cryptocurrency wallets.

New user registration has now been resumed, and PyPI is back to normal.

Source: gagadget