PyPI suspends new user registration to block malware campaign
2024-03-28 18:03

The Python Package Index has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign.

PyPI is an index for Python projects that helps developers find and install Python packages.

With thousands of packages available, the repository is an attractive target for threat actors, who often upload typosquatted or fake packages to compromise software developers and enable potential supply-chain attacks.

Such activity forced PyPI administrators to announce earlier today that all new user registrations have been suspended while the malicious activity is mitigated.

A report from Checkmarx says that threat actors started uploading 365 packages to PyPI yesterday, with names that mimic legitimate projects.


News URL

https://www.bleepingcomputer.com/news/security/pypi-suspends-new-user-registration-to-block-malware-campaign/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Pypi 15 0 0 1 15 16