The Python Package Index, known as PyPI, is a repository for Python software that has been consistently targeted by hackers following the trend of supply chain attacks. Various package repositories are vulnerable to spreading malware extensively.
Recently, PyPI had to announce the suspension of new user registrations and project creations in the system for approximately 10 hours due to a large-scale attack involving the creation of multiple user accounts to upload malware into the system.
Security company Checkmarx reported that this attack was a well-planned operation, where hacker groups attempted to upload software packages with similar names but slight variations (e.g., requiremetstx, requiremntstx, requiremetnstxt) to trap users who mistype package names into downloading packages embedded with malware for their usage (this technique is known as Typosquatting).
This type of attack is not unique to PyPI alone, as in the past, GitHub has been targeted in a similar manner, along with other software repositories for different languages like RubyGems and npm.
Source: PyPI Checkmarx, Ars Technica
**TLDR: PyPI, a repository for Python software, was targeted in a supply chain attack involving the upload of malware through a coordinated effort by hacker groups. This attack, known as Typosquatting, aimed to deceive users into downloading malicious packages by slightly altering package names. Similar attacks have occurred on GitHub, RubyGems, and npm repositories.**
Leave a Comment