- Developers who have published PyPI projects with their email address in the package metadata are being targeted
- They are asked to "verify" their email address on a fake PyPI site
- The "verification" process sends their login credentials to the attackers
Python developers are being targeted by a dangerous phishing campaign, the Python Software Foundation (PSF) has warned.
PSF said the threat actors are actively targeting developers who have published PyPI projects with their email address in the package metadata. These developers receive emails asking them to "verify" their email address on the platform, with a link to do so.
Clicking the link takes the victim to a page that looks practically identical to the real one. The legitimate URL is pypi.org; the fake one is pypj.org, a difference small enough to escape many people's notice. This kind of lookalike domain is known as typosquatting and is frequently used in attacks.
Stopping the scam
The site looks almost identical to the real one and asks users to log in to their accounts. Submitting credentials there simply hands them to the attackers, who can then log in to the real site and tamper with the packages published under that account.
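The defence the article implies is to check where a link actually points before clicking it. The following is an added example (not code from PSF, PyPI or the original article) that extracts the URLs from an email body and classifies each host as trusted, a lookalike of a trusted domain, or unknown. A host counts as a lookalike when its registered domain is within a small edit distance of a trusted one (pypj.org vs pypi.org), or when a trusted domain name is embedded inside a longer, untrusted host (pypi.org.evil.example). The sample email body, the trusted-host list and the edit-distance threshold are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample body, imitating the kind of "verify your email" lure
# described in the article. Not a real message.
SAMPLE_EMAIL = """\
Hi, to keep your PyPI account active please verify your email address:
https://pypj.org/account/verify/?token=abc123
If you did not request this, ignore this message. Thanks, The PyPI Team
Legitimate docs: https://pypi.org/help/
"""

# Assumed allowlist for this example; extend it for your own environment.
TRUSTED_HOSTS = {"pypi.org", "test.pypi.org", "python.org", "www.python.org"}

# Assumed threshold: one or two character edits is typical of typosquats.
MAX_LOOKALIKE_DISTANCE = 2

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def extract_urls(text):
    """Return every http(s) URL found in the text, in order of appearance."""
    return URL_RE.findall(text)


def registered_domain(host):
    """Crude 'last two labels' registrable domain (assumes no multi-part
    public suffixes such as co.uk, which is fine for this example)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a, b):
    """Standard edit distance between two strings (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # deletion
                           cur[j - 1] + 1,     # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def classify_url(url):
    """Classify a URL's host as 'trusted', 'lookalike' or 'unknown'."""
    host = (urlparse(url).hostname or "").lower()
    reg = registered_domain(host)

    # Exact trusted host, or a subdomain of a trusted registered domain.
    if host in TRUSTED_HOSTS or reg in TRUSTED_HOSTS:
        return "trusted"

    trusted_domains = {registered_domain(h) for h in TRUSTED_HOSTS}

    # Brand name embedded in a longer untrusted host: pypi.org.evil.example
    if any(t in host for t in trusted_domains):
        return "lookalike"

    # Small edit distance from a trusted registered domain: pypj.org
    if any(levenshtein(reg, t) <= MAX_LOOKALIKE_DISTANCE for t in trusted_domains):
        return "lookalike"

    return "unknown"


def triage_email(text):
    """Return [(url, verdict), ...] for every URL in an email body."""
    return [(u, classify_url(u)) for u in extract_urls(text)]


if __name__ == "__main__":
    for url, verdict in triage_email(SAMPLE_EMAIL):
        print(f"{verdict:9s} {url}")
```

Running it on the constructed sample flags the pypj.org link as a lookalike and the pypi.org link as trusted. The substring check matters as much as the edit distance: attackers often keep the real brand intact and hide it in a subdomain of a domain they control, which an edit-distance test alone would rate as unrelated.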
PSF is a non-profit organization that manages and advances the Python programming language, and operates the Python Package Index (pypi.org), the most popular package index for the world's most popular programming language.
Seeding PyPI with malicious packages that look legitimate is also a common occurrence. Many Python developers trust the platform and use code from it in several projects. By downloading malicious packages, they can give attackers access to their projects and possibly even to confidential company files.
To address the phishing campaign, PyPI administrators added a banner to the home page and have contacted CDN providers and domain registrars to get the phishing sites taken down.
Python developers who receive such emails are advised not to click any link and simply to delete the email immediately. Those unsure whether an email they received is legitimate are advised to open PyPI directly in their browser rather than clicking any link in the email.
Via BleepingComputer