PyPI stops registering new users again due to malware attacks

By: Nastya Bobkova | 31.03.2024, 21:24

Python Package Index (PyPI), the world's largest Python package repository, has stopped registering new accounts and projects again.

Here's What We Know

Cybersecurity experts from Checkmarx and Check Point have detected a large-scale attack in which attackers attempted to upload hundreds of malicious packages to the platform. This tactic, known as "typosquatting", involves publishing malicious packages under names that closely imitate those of popular packages, in order to compromise software developers and carry out supply chain attacks.

According to Checkmarx, the attackers attempted to upload about 365 packages, while Check Point claims that the number could exceed 500. The attacks are aimed at gaining unauthorised access to users' systems and stealing confidential data, including passwords, cookies, and cryptocurrency wallet information.

Registration of new users has now been resumed and PyPI is back to normal.

Source: TechRadar