A counterfeit copy of the Python Package Index (PyPI) website is being used to run a sophisticated phishing campaign targeting Python developers, highlighting the ongoing threats that open-source ecosystems face.
In an official advisory issued earlier this week, the Python Software Foundation (PSF) warned developers that attackers are attempting to defraud them of their login credentials by spoofing the official PyPI domain in their phishing campaign.
Although PyPI’s core infrastructure has not been compromised, the threat actors are distributing deceptive emails that direct recipients to a fake website closely resembling the official PyPI repository. Because PyPI is the central repository for publishing and installing third-party Python libraries, the campaign poses a significant threat both to developers’ accounts and to the wider software supply chain.
The attackers combine subtle visual deception with social engineering to craft phishing emails that look convincingly legitimate to unsuspecting recipients. The subject line normally reads “[PyPI] Email verification.” The emails are typically sent to addresses harvested from the metadata of packages published on PyPI.
Notably, the phishing emails come from addresses on the domain @pypj.org, a nearly identical spoof of the official @pypi.org domain—only one chara
[…]
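As an added, defender-side example (not part of the article or of any PSF tooling), the following Python check flags mail whose sender domain is within one character edit of pypi.org, as pypj.org is; the sample headers are constructed, and the trusted-domain list and distance threshold are assumptions for illustration.

```python
"""Flag messages whose From: domain is a one-character lookalike of pypi.org.

The headers below are constructed samples; TRUSTED_DOMAINS and the
max_distance threshold are assumptions, not PSF or PyPI configuration.
"""
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"pypi.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute) between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From: header, or '' if absent."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def classify(raw_message: str, max_distance: int = 1) -> str:
    """'trusted' for an exact trusted domain, 'lookalike' when the domain is
    within max_distance edits of a trusted one (pypj.org vs pypi.org), else 'other'."""
    domain = sender_domain(raw_message)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "other"


# Constructed sample messages (headers only) mirroring the campaign's lure.
PHISH = "From: PyPI <noreply@pypj.org>\nSubject: [PyPI] Email verification\n\nbody"
LEGIT = "From: PyPI <noreply@pypi.org>\nSubject: [PyPI] Email verification\n\nbody"
UNRELATED = "From: Alice <alice@example.com>\nSubject: hi\n\nbody"

if __name__ == "__main__":
    for name, m in (("PHISH", PHISH), ("LEGIT", LEGIT), ("UNRELATED", UNRELATED)):
        print(name, sender_domain(m), classify(m))
```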