[MART] - Daily Diary #583 - First Known PyPi Phishing Campaign

ctas-mat at appgate.com ctas-mat at appgate.com
Mon Aug 29 22:28:36 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/29/2022 - Diary entry #583:

Recently this week, the Python Package Index (PyPI) warned of a first known phishing campaign targeting PyPI users with the objective of stealing credentials. Delivered via spam, the data is sent to a URL controlled by the attackers when credentials are entered into the fake PyPI login page.

According to PyPi, ”some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects”. These malicious releases follow a similar pattern, using the same URL to collect the siphoned data.

Although this is the first known phishing campaign targeting PyPi users, the Python package manager already is a target of Typosquatting attacks, a technique used to infect systems based on typos on package managers. As we covered recently in our Daily Diary #517, a package manager makes developers' life easier by allowing them quickly download and implement external libraries as part of their code. But this facility can become a nightmare, as not so rarely malicious packages are uploaded to those repositories.

Therefore, it's important to not blindly trust third-party libraries and always double-check the installed dependencies, regardless of the platform. PyPi users should also adopt an additional factor of authentication that would difficult for the threat actors attempts to use their accounts for malicious activities.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220829/e937295e/attachment.htm>

More information about the MART mailing list