Sonatype shines light on typosquatting ransomware threat in PyPI (Security News, August 2022)
Researchers at Sonatype continue to spot miscreants using typosquatting, which underlines the need to check that the package you install is really the one you meant to download. The latest packages detected use variations on the spelling of "Requests", a hugely popular HTTP library distributed via PyPI. The project's own description notes: "Requests is one of the most downloaded Python packages today, pulling in around 30M downloads / week - according to GitHub. Requests is currently depended upon by 1,000,000+ repositories."
Focusing on the requesys package, researchers found scripts that would stomp over Windows users' folders and begin encrypting files.
Sonatype managed to get hold of the developer responsible, who insisted the packages were merely developed for fun and, since no ransom was demanded or paid, were pretty much harmless.
The requesys package was renamed by the author, according to Sonatype, "In an effort to prevent further typosquatting victims falling for the ransomware, effectively thwarting the attack."
More recently, the ctx package was compromised on PyPI by an individual claiming no malicious intent even as the software supply-chain attack pulled in information from victims.
Sonatype told The Register that the PyPI organization was quick to take down packages and said it had reported its findings to the group.
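The article's point is that the name you type is the only thing standing between you and a lookalike package. The pre-install check below is an added example, not code from Sonatype, PyPI or The Register: it normalises each requested name the way PyPI does and flags names that are within a couple of edits of a well-known package but do not match it exactly. The allowlist is a constructed stand-in for an organisation's vetted package list; "requesys" is the package named in the article, while the other lookalike names are made up for the demonstration.

```python
"""Flag PyPI package names that look like typosquats of well-known packages.

Added example (not Sonatype's, PyPI's or The Register's code). It compares
each name a developer is about to install against a small allowlist of
popular packages and flags near-misses by edit distance. The allowlist and
the candidate names are constructed for this example; "requesys" comes from
the article, the other lookalikes are invented.
"""

import re
from typing import Dict, Iterable, Optional

# Constructed allowlist of legitimate, popular package names. Assumption: in
# practice this comes from a vetted internal registry or a lock file, not from
# a hard-coded set.
KNOWN_PACKAGES = {"requests", "urllib3", "numpy", "pandas", "flask"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'.

    PyPI treats "Requests", "requests" and "REQUESTS" as the same project, so
    case alone is never a typosquat signal.
    """
    return re.sub(r"[-_.]+", "-", name).lower()


def suspected_typosquat(name: str, max_distance: int = 2) -> Optional[str]:
    """Return the known package this name is suspiciously close to, or None.

    An exact (normalised) match is allowed through. A name within
    `max_distance` edits of a known package, but not equal to it, is flagged
    as a likely typosquat.
    """
    n = normalize(name)
    if n in KNOWN_PACKAGES:
        return None
    closest = min(KNOWN_PACKAGES, key=lambda k: levenshtein(n, k))
    return closest if levenshtein(n, closest) <= max_distance else None


def check_install_list(names: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each requested name to the known package it shadows, or None."""
    return {name: suspected_typosquat(name) for name in names}


if __name__ == "__main__":
    # "requesys" is from the article; the remaining names are constructed.
    wanted = ["Requests", "requesys", "reqeusts", "flask", "totally-different"]
    for pkg, shadowed in check_install_list(wanted).items():
        verdict = "OK" if shadowed is None else f"looks like a typo of {shadowed}"
        print(f"{pkg:20} -> {verdict}")
```

The distance threshold is deliberately small: at two edits "requesys" and a transposed "reqeusts" are caught while unrelated names pass. Tune it against your own allowlist, since very short package names will produce false positives at the same threshold.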
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/03/sonatype_typosquatting/