Phishing PyPI users: Attackers compromise legitimate projects to push malware
Security News, August 2022
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users.
"We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects. These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen," the PyPI team noted.
Clicking the link in the phishing email took victims to a phishing site mimicking PyPI's login page, where the credentials they entered were captured.
"We are unable to determine whether the phishing site was designed to relay TOTP-based two-factor codes. Accounts protected by hardware security keys are not vulnerable," the PyPI team said.
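Why that distinction holds, as an added example that is not part of the original article or of any PyPI code: a TOTP code is a six-digit function of a shared seed and the clock, so a code typed into a look-alike page is just as valid on the real site for the rest of the 30-second window. A WebAuthn assertion from a hardware key, by contrast, is a signature over data that includes the page origin and the hash of the relying-party ID, and the browser will not even offer a credential registered for `pypi.org` on another host. The origins, TOTP seed, credential key and challenge below are constructed for the example, and the authenticator's asymmetric signature is replaced by HMAC so the block runs on the standard library alone; everything else follows RFC 6238 and the WebAuthn assertion-verification steps.

```python
import base64
import hashlib
import hmac
import json
import struct

# All values below are constructed for the example; nothing comes from PyPI.
LEGIT_ORIGIN = "https://pypi.org"             # the real relying party
PHISH_ORIGIN = "https://pypi-login.example"   # constructed phishing origin
RP_ID = "pypi.org"                            # rpId the credential was registered under
TOTP_SEED = b"constructed-totp-seed"          # shared secret from the enrollment QR code
CRED_KEY = b"constructed-credential-key"      # stands in for the key's private key
CHALLENGE = hashlib.sha256(b"constructed-challenge").digest()  # issued by the real site


# ---- TOTP (RFC 6238, 30 s step, 6 digits) -----------------------------------
def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """HOTP over the current time window; anyone holding the seed can compute it."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def site_verify_totp(seed: bytes, code: str, now: int) -> bool:
    return hmac.compare_digest(totp(seed, now), code)


def relay_totp_phish(seed: bytes, now: int) -> bool:
    """Victim types the current code into the phishing page; the attacker submits
    it to the real site five seconds later. The code says nothing about where it
    was typed, so as long as the window has not rolled over it is accepted."""
    victim_code = totp(seed, now)
    return site_verify_totp(seed, victim_code, now + 5)


# ---- WebAuthn-style assertion (structure real, signature simplified) --------
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def browser_get_assertion(page_origin: str, challenge: bytes, enforce_scope: bool = True):
    """Browser + authenticator on a login page. The browser only offers a credential
    whose rpId matches the page host, and it writes the page origin into
    clientDataJSON before anything is signed. HMAC replaces ECDSA/EdDSA here."""
    host = page_origin.split("://", 1)[1]
    if enforce_scope and host != RP_ID and not host.endswith("." + RP_ID):
        return None  # browser: no credential registered for this site
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": _b64url(challenge),
        "origin": page_origin,
    }).encode()
    # authenticatorData = rpIdHash (32 bytes) | flags (UP set) | signCount
    auth_data = hashlib.sha256(host.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def site_verify_assertion(assertion: dict, challenge: bytes) -> bool:
    """Relying-party checks: type, challenge, origin, rpIdHash, then the signature
    over authenticatorData || SHA-256(clientDataJSON)."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False
    if _unb64url(cd.get("challenge", "")) != challenge:
        return False
    if cd.get("origin") != LEGIT_ORIGIN:
        return False  # the check that defeats a relaying phishing site
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def login_with_key(challenge: bytes) -> bool:
    """Honest flow: the user really is on pypi.org."""
    return site_verify_assertion(browser_get_assertion(LEGIT_ORIGIN, challenge), challenge)


def relay_webauthn_phish(challenge: bytes, browser_bypassed: bool = False) -> bool:
    """Attacker fetches a real challenge from pypi.org and shows it on the phishing
    page. Normally the browser refuses outright; even with the client side bypassed,
    the signed origin and rpIdHash are the phishing site's and the server rejects."""
    assertion = browser_get_assertion(PHISH_ORIGIN, challenge, enforce_scope=not browser_bypassed)
    if assertion is None:
        return False
    return site_verify_assertion(assertion, challenge)


if __name__ == "__main__":
    print("TOTP relayed through phishing page accepted:", relay_totp_phish(TOTP_SEED, 1_700_000_000))
    print("Security key on real site accepted:", login_with_key(CHALLENGE))
    print("Security key relayed through phishing page accepted:", relay_webauthn_phish(CHALLENGE))
    print("...even with browser scoping bypassed:", relay_webauthn_phish(CHALLENGE, browser_bypassed=True))
```

The two layers matter separately: the rpId scoping in `browser_get_assertion` is why a user on a look-alike domain simply gets no prompt, and the origin and rpIdHash checks in `site_verify_assertion` are what the relying party must implement so that a bypassed or malicious client still cannot replay an assertion minted for another origin. The timestamp used for the TOTP relay sits 20 seconds into its window, so the five-second delay stays inside it; a delay that crosses the boundary fails only by luck, not by design.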
According to Checkmarx security researcher Aviad Gershon, "The phishing attempt and the malicious packages are linked by the domain linkedopports[.]com, which appears in the malicious package code and also functions as the location to which the phishing site tries to send the stolen credentials."
Threat actors are constantly trying, and sometimes succeeding, to get malicious packages onto PyPI. "We're actively reviewing reports of new malicious releases, and ensuring that they are removed and the maintainer accounts restored. We're also working to make security features like 2FA more prevalent across projects on PyPI," the PyPI team said in the wake of this latest security incident.