PyPI Admins held user signup & package uploads: Know Why?

Post Views: 312

The Python Package Index (PyPI) admins have suspended the signup & package submission for a short period of time.

The managers stop access to features of sign-up & package uploads for a short time just for the sake of ongoing cyber attacks. That’s because there was a huge number of attacks being executed from the adversaries’ side in the previous week.

PyPI Team

“Nobody with a new user name will be able to register their ID on PyPI temporarily to avoid any ongoing malicious activity. For now, we don’t have enough strategies to hold & respond against the adversaries who are pulling strings behind the attacks which are happening due to malicious projects building on PyPI.

Moreover, it has become difficult to manage because a huge number of admins are on leave right now. Admins have uploaded an incident report for Python infrastructure which you can read to know about the event. Even though we had a discussion over the weekend, the newcomers still won’t be able to submit their project now.”

The notification doesn’t clarify any details about the event, such as

Adversaries,
Their Objectives, and
The Codes used in the attacks.

The adversaries uploaded malicious packages to the PyPI repository. That’s because they try manipulating developers to use those packages via social engineering methods, such as

Typos in their names, and
High Version Numbers.

The adversary gets a benefit with a repository that has the objective of executing supply chain attacks pointing at developers.

This week, ReversingLabs researchers alerted about the 2 malicious packages known as follows in the npm package repository, including an open-source info-stealer called TurkoRat.

Nodejs-encrypt-agent, and
Nodejs-cookie-proxy-agent.

TurkoRat, an info-stealing malware capable of acquiring a wide range of data from the infected machine, including

Account Login Credentials,
Cryptocurrency Wallets, and
Website Cookies.

Moreover, the mentioned malware allows anti-sandbox & analysis facilities to avoid detection and prevent being analyzed.

February 2023

Phylum researchers found 451+ unique Python Packages on the PyPI repository while trying to share clipper malware on the developer systems.

According to the Experts,

The event is still ongoing & is a part of the malicious program they found on Nov, 2022.

About The Author

Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.