- Developers who published projects on PyPI with their e-mail address in the package metadata are being targeted
- They are asked to "verify" their e-mail address on a fake PyPI platform
- The "verification" process relays the login credentials to the attackers
Python developers are being targeted by a dangerous phishing attack, the Python Software Foundation (PSF) has warned.
PSF said threat actors were actively going after developers who have published projects on PyPI with their e-mail address in the package metadata. These developers receive e-mails asking them to "verify" their e-mail address on the platform, with a link to do so.
Clicking the link sends the victim to a page that looks identical to the original. The URL of the real site is pypi.org, while the fake one is pypj.org, a difference small enough to slip under some people's radar. This kind of fraud is called "typosquatting" and is frequently used in attacks.
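One way to catch this kind of link before anyone clicks it is to compare the host of every URL in an incoming message against an allowlist of expected domains and flag hosts that sit within a character or two of a legitimate one. The following is an added example, not code from the article or from PyPI: the allowlist, the helper names and the two sample messages are assumptions constructed for the demonstration (the pypj.org domain is the one the article names).

```python
"""Added example (not part of the original article): flag links in an e-mail
body whose host is a near-miss of pypi.org, the typosquatting trick above."""
import re
from urllib.parse import urlparse

# Assumption: the hosts a developer legitimately expects PyPI mail to link to.
TRUSTED_HOSTS = ("pypi.org", "test.pypi.org")

# Constructed sample messages for the demonstration.
PHISHING_EMAIL = """Subject: [PyPI] Verify your email address
Please confirm your address within 7 days:
https://pypj.org/account/verify-email/?token=CONSTRUCTED-TOKEN
"""
LEGIT_EMAIL = """Subject: [PyPI] New project release
See your project at https://pypi.org/manage/projects/ for details.
"""

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_host(url: str) -> str:
    """Lower-case hostname without a leading 'www.' (port and path dropped)."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify_host(host: str, max_edits: int = 2) -> str:
    """'trusted' for an allowlisted host or one of its subdomains,
    'lookalike' for a host within max_edits edits of an allowlisted one
    (pypj.org is one edit from pypi.org), 'unknown' for anything else."""
    for trusted in TRUSTED_HOSTS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_HOSTS:
        if edit_distance(host, trusted) <= max_edits:
            return "lookalike"
    return "unknown"


def scan_email(body: str) -> list[tuple[str, str, str]]:
    """Return (url, host, verdict) for every link found in the message body."""
    results = []
    for url in URL_RE.findall(body):
        host = normalize_host(url)
        results.append((url, host, classify_host(host)))
    return results


def is_suspicious(body: str) -> bool:
    """True when at least one link points at a lookalike of a trusted host."""
    return any(verdict == "lookalike" for _, _, verdict in scan_email(body))


if __name__ == "__main__":
    for name, body in (("phishing", PHISHING_EMAIL), ("legit", LEGIT_EMAIL)):
        for url, host, verdict in scan_email(body):
            print(f"{name:<9} {host:<20} {verdict:<9} {url}")
```

The edit-distance threshold is deliberately small: it catches single-character swaps such as pypj.org without flagging unrelated domains like python.org (four edits away). A host that merely contains the trusted name as a prefix (for example a subdomain of an attacker's domain) is reported as unknown rather than trusted, because only a true subdomain of an allowlisted host passes the suffix check.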
Disrupting the scam
The site looks almost exactly like the real thing and asks users to log in to their accounts. Entering the credentials, however, simply hands them to the attackers, who can then log in to the real site and tamper with the packages hosted there.
PSF is a nonprofit organization that manages and supports the Python programming language and operates the Python Package Index (PyPI.org), the most popular package index for the language in the world.
Lacing legitimate PyPI packages with malware is also a common occurrence. Many Python developers rely on the platform and reuse the code found in its projects. By downloading malicious packages, they can give attackers access to their own projects and possibly even to sensitive corporate files.
To tackle the impersonation campaign, PyPI administrators added a warning banner to the website and have contacted CDN providers and domain registrars to get the phishing sites taken down.
Python developers who received such e-mails are advised not to click on any links and to delete the e-mails right away. Those who are unsure whether an e-mail they received is legitimate are advised to open PyPI directly in their browser instead of following the links in the e-mail.
Via BleepingComputer