The Python Package Index (PyPI), the central repository for Python developers around the world, has issued a security warning regarding an ongoing phishing attack aimed at tricking project maintainers into handing over their credentials through a cleverly spoofed domain.
"PyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site," confirmed Mike Fiedler, PyPI Admin and Safety & Security Engineer at the Python Software Foundation.
The phishing campaign exploits trust in the PyPI brand, using a deceptive email message titled:
[PyPI] Email verification
The email is sent from the suspicious address noreply@pypj.org. Note the lowercase "j": the domain closely resembles the legitimate pypi.org and is a classic example of domain impersonation.
Inside the message, users are asked to verify their email by clicking a link that redirects them to a fake PyPI login page. Once there, users are prompted to input their credentials, which are then silently forwarded to the real PyPI login portal, creating a false sense of legitimacy.
"The requests are passed back to PyPI, which may lead to the user believing they have logged in to PyPI, but in reality, they have provided their credentials to the phishing site," said Fiedler.
Importantly, this is not the result of a breach or compromise of the PyPI platform itself. Instead, it is an opportunistic phishing campaign targeting project maintainers, especially those who have their email addresses listed in package metadata.
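The lookalike-domain trick described above (pypj.org standing in for pypi.org) is easy to catch mechanically. The following is an added example, not code from PyPI or the article, of a small mail-triage check that flags sender and link domains within one edit of a trusted domain, or that embed a trusted name under another registrable domain; the trusted-domain set, the sample message and the helper names are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumption: the only domain we expect PyPI mail and links to come from.
TRUSTED_DOMAINS = {"pypi.org"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude approximation of the registrable domain: the last two labels."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower()
    dom = registrable(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # One character off (pypj.org vs pypi.org) or a trusted name buried
        # inside a different registrable domain (pypi.org.example) both count.
        if levenshtein(dom, trusted) <= 1 or trusted in host:
            return "lookalike"
    return "unknown"


def check_message(sender: str, body: str) -> dict:
    """Classify the sender's domain and every http(s) link found in the body."""
    sender_host = sender.rsplit("@", 1)[-1].strip("> ")
    result = {"sender": classify_domain(sender_host), "links": {}}
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        result["links"][url] = classify_domain(urlparse(url).hostname or "")
    return result


# Constructed sample message modelled on the campaign described in the article.
SAMPLE_SENDER = "PyPI <noreply@pypj.org>"
SAMPLE_BODY = "Please verify your email: https://pypj.org/account/verify/"
```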
The PyPI team is actively working to counter the threat and has implemented the following safeguards:
- A banner alert has been posted on the PyPI homepage to raise awareness.
- Abuse and trademark violation reports have been submitted to CDN providers and domain registrars in an effort to dismantle the malicious infrastructure.
- Ongoing investigation is underway to explore long-term defenses against such impersonation attacks.
In the meantime, users are urged to exercise extreme caution:
- Do not click on links in suspicious emails.
- Always verify the URL in your browser before entering login credentials.
- If you've entered credentials, change your PyPI password immediately and inspect your Security History for unauthorized activity.