Recently, maintainers with accounts on the Python Package Index (PyPI) were targeted in a phishing attack similar to one that recently hit the npm registry. The attackers sent messages from the address “[email protected]” to PyPI users, claiming that their email address needed to be confirmed. The messages contained a link to an email-verification form hosted on the site pypj.org. Note that the official PyPI website is pypi.org; the only difference in the fake domain is that the letter “i” in “pypi” is replaced with a “j”, a single-character lookalike that is easy to miss in a sender address or a link.
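The attack relies on a single-character lookalike domain. The following Python is an added example, not code from the original report or from PyPI, showing how a mail gateway or triage script could flag such domains in sender addresses and links: it normalises the domain, treats subdomains of trusted domains as trusted, and reports any other domain within edit distance 1 of a trusted one. The trusted-domain list, the sender address and the links below are constructed for illustration.

```python
"""Flag lookalike domains in sender addresses and links (added example).

The trusted-domain list and the sample message are constructed assumptions,
not data from the original report.
"""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: domains this organisation expects mail and links from.
TRUSTED_DOMAINS = {"pypi.org", "python.org", "npmjs.com"}

# Edit distance at or below this value counts as a lookalike.
# 1 catches single-character swaps such as pypj.org; raising it catches more
# but also flags more unrelated domains.
MAX_DISTANCE = 1


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Simplified: last two labels. Assumption: no public-suffix handling
    (co.uk-style suffixes would need the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(host: str) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    host = host.lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a real subdomain (mail.pypi.org) is fine.
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    base = registrable_domain(host)
    for trusted in sorted(TRUSTED_DOMAINS):
        if levenshtein(base, trusted) <= MAX_DISTANCE:
            return f"lookalike:{trusted}"
    return "unknown"


def scan_message(sender: str, links: list[str]) -> list[tuple[str, str, str]]:
    """Check the sender domain and every link host; return non-trusted findings
    as (where, domain, verdict) tuples."""
    findings = []
    _, addr = parseaddr(sender)               # strips a display name like "PyPI <...>"
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    verdict = classify_domain(sender_domain)
    if verdict != "trusted":
        findings.append(("sender", sender_domain, verdict))
    for url in links:
        host = (urlsplit(url).hostname or "").lower()
        verdict = classify_domain(host)
        if verdict != "trusted":
            findings.append(("link", host, verdict))
    return findings


# Constructed sample message modelled on the campaign described above; the
# local part of the address and the URL paths are assumptions.
SAMPLE_SENDER = "PyPI <verify@pypj.org>"
SAMPLE_LINKS = ["https://pypj.org/account/verify-email/", "https://pypi.org/help/"]

if __name__ == "__main__":
    for where, domain, verdict in scan_message(SAMPLE_SENDER, SAMPLE_LINKS):
        print(f"{where}: {domain} -> {verdict}")
```

Because the check runs on the registrable domain, a phishing link hosted on a subdomain such as login.pypj.org is still attributed to pypj.org and flagged. The edit-distance approach does not catch every trick (homoglyphs from other scripts, or domains that embed the brand name like pypi-verify.org), so in practice it sits beside a confusables table and a brand-keyword check rather than replacing them.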
The fraudulent site, pypj.org, replicated the content of the legitimate PyPI site, so a user who followed the link and entered credentials on the fake verification form would hand them to the attackers. As of now, there is no confirmation that the attackers gained control of any PyPI projects as a result of this phishing attempt. The incident mirrors a recent attack on the npm registry, where attackers phished maintainers of widely used JavaScript packages and then published versions of seven npm packages containing malicious code. The affected packages had a combined total of over 100 million downloads per week.