PyPI packages hijacked after developers fall for phishing emails (Security News, August 2022)
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry.
The Python packages 'exotel' and 'spam' are among hundreds found laced with malware after attackers compromised the accounts of maintainers who fell for the phishing email.
Admins of the PyPI registry confirmed yesterday a phishing email campaign had actively been targeting PyPI maintainers after Django project board member Adam Johnson reported receiving a suspicious email.
Background: the phishing message claims that a mandatory 'validation' process is being implemented, and invites users to follow a link to validate a package or otherwise risk having the package removed from PyPI.
Some developers did fall for the phishing emails and entered their credentials on the attacker's webpage, leading to their creations getting hijacked and laced with malware.
This development follows May's hijack of the popular PyPI library 'ctx', which prompted PyPI admins to mandate two-factor authentication for maintainers of critical projects.