The world’s largest open-source Python package repository, PyPI, has disabled new user registration and prevented existing users from uploading new projects over the weekend, citing an uncontrollable flood of malicious code being uploaded to the platform.
In an announcement posted on PyPI’s status page, the organization stated, “The number of malicious users and malicious projects created in the index last week has exceeded our ability to respond in a timely manner, especially with many PyPI admins on leave.”
The team planned to “regroup over the weekend” and shortly thereafter, on Sunday night (around 22:00 UTC), the suspension was lifted.
Attacks on the supply chain
Attacks against supply chains are now the order of the day, making open source repositories attractive targets for cybercriminals and hackers. Today, most companies incorporate open source software into their products, at least to some extent. By placing malicious packages in the repository, cybercriminals hope that IT teams will not notice them, compromising not only the product being developed, but the company's entire network and infrastructure.
Most of the time, malicious actors engage in “typosquatting” – creating malicious packages with names almost identical to those of pre-existing, benign packages. This way they hope that careless, overworked or understaffed developers won’t notice the difference and will pull the wrong package into their solution.
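A defensive check that catches the pattern described above, written as an added example for this article (it is not PyPI's or any project's own code): every package name in a requirements file is normalized the way the index normalizes names, compared against a list of known-good packages, and flagged when it is within a small edit distance of a known name without being one. The list of known packages and the sample requirements are constructed for the example; a real deployment would load an organization's allowlist or a list of popular PyPI packages instead.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of well-known package names (assumption for this example;
# in practice load an internal allowlist or a list of top PyPI packages).
KNOWN_PACKAGES: List[str] = [
    "requests", "numpy", "urllib3", "colorama",
    "python-dateutil", "setuptools", "cryptography",
]

# Constructed requirements file with two typosquat-style names mixed in.
SAMPLE_REQUIREMENTS = """\
# pinned dependencies for the build
requests==2.31.0
reqeusts
numpi>=1.0
Colorama[extras] ; python_version >= "3.8"
python_dateutil
urlib3
some-internal-tool
"""


def normalize(name: str) -> str:
    """Normalize a distribution name as PEP 503 does: case-insensitive,
    and any run of '-', '_' or '.' collapses to a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def check_name(name: str, known: List[str] = KNOWN_PACKAGES,
               max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Classify a package name as 'known', 'suspicious' (close to a known
    name but not equal to it) or 'unknown'. Returns (status, closest known name)."""
    n = normalize(name)
    known_norm = {normalize(k): k for k in known}
    if n in known_norm:
        return ("known", known_norm[n])
    closest = min(known_norm, key=lambda k: levenshtein(n, k))
    if levenshtein(n, closest) <= max_distance:
        return ("suspicious", known_norm[closest])
    return ("unknown", None)


def parse_requirement(line: str) -> Optional[str]:
    """Extract the bare project name from one requirements.txt line
    (drops comments, extras, version specifiers and environment markers)."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment-only, or an option like -r
        return None
    match = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return match.group(1) if match else None


def audit_requirements(text: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Run check_name over every requirement in the file text."""
    results: Dict[str, Tuple[str, Optional[str]]] = {}
    for line in text.splitlines():
        name = parse_requirement(line)
        if name is not None:
            results[name] = check_name(name)
    return results


if __name__ == "__main__":
    for name, (status, closest) in audit_requirements(SAMPLE_REQUIREMENTS).items():
        hint = f" (looks like '{closest}')" if status == "suspicious" else ""
        print(f"{status:10s} {name}{hint}")
```

A 'suspicious' result is a prompt for review rather than a verdict: legitimate packages can also sit one edit away from a popular name, which is why the check compares against a curated list and leaves the final decision to a human.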
In order to build credibility and get more people to download their malware, cybercriminals also generate fake reviews and inflate download counts with bots and artificial intelligence.
Attacks against Python developers via PyPI have increased in recent months, and we’ve reported at least six separate incidents discovered this year.
Hackers usually want to install info stealers that will help them steal credentials and gain access to valuable company resources.