PyPI temporarily stops new user registration due to malware attacks
Python Package Index (PyPI), the world’s largest Python package repository, has stopped registering new accounts and projects again.
Cybersecurity experts from Checkmarx and Check Point have detected a large-scale attack in which attackers attempted to upload hundreds of malicious packages to the platform. This tactic, known as “typosquatting,” involves publishing malicious packages under names that closely resemble those of popular packages in order to compromise software developers and attack supply chains.
According to Checkmarx, the attackers attempted to upload about 365 packages, while Check Point claims that the number could exceed 500. The purpose of the attacks is to gain unauthorized access to users’ systems and steal confidential data, including passwords, cookies, and information about cryptocurrency wallets.
New user registration has now been resumed, and PyPI is back to normal.