Python Paki Pypcates Repository Halts New User & Project Registrations Due to Malicious Code Concerns
The Python Package Index (PYPI) repository recently announced the temporary suspension of new user and project registrations. The reason for this is the sudden increase in hacker activities leading to malicious package publications. Due to the holiday absence of several administrators, the volume of registered malicious projects exceeded the response capacity of the remaining PYPI operators. PYPI developers plan to introduce improved checks over the weekend before reopening user and project registrations.
According to Sonatype monitoring systems, the PYPI catalog identified about 6,933 malicious packages in March 2023 alone, and over 115,000 since 2019. In December 2022, the attack on Nuget, NPM, and PYPI catalogs resulted in 144,000 fake packages containing spam and phishing codes.
Most of the malicious packages are typically masked as popular libraries using Typskvotynt. The practice involves naming similar but different libraries such as EXAMPL instead of Example, Djangoo instead of Django, and Pyhton instead of Python. The attackers bank on users making typographical errors and not noticing the difference in names during online searches. The harmful codes exploit vulnerabilities in the target system to steal confidential data such as passwords, access keys, cryptocurrencies, tokens, session cookies and other sensitive information.
The PYPI repository plans to enhance its safety measures and safeguards to restore user and project registrations as soon as it is safe to do so.