Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
Briefly

"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko and Brian Moussalli said in a report shared with The Hacker News.
"The technique does not rely on the victim making a mistake when installing the package," the researchers said, pointing out how Revival Hijack can yield better results from the point of view of an adversary.
Read at The Hacker News