PyPI Warns Users of Fresh Phishing Campaign
Briefly

"The attack, a continuation of a campaign conducted in July, involves fraudulent messages asking users to verify their email address for security purposes, and claiming that accounts may be suspended due to lack of action. "This email is fake, and the link goes to pypi-mirror.org which is a domain not owned by PyPI or the PSF [Python Software Foundation]," PSF security developer-in-residence Seth Larson warns. Setting up phishing-resistant multi-factor authentication (MFA), Larson explains, helps PyPI maintainers mitigate the risks associated with phishing attacks."
"The campaign echoes a recent phishing attack targeting NPM package maintainers with emails asking them to update their MFA information to avoid account suspension. The NPM attack successfully tricked several maintainers, including Josh Junon (Qix), who maintains 18 packages with over 2.5 billion weekly downloads, resulting in dozens of malicious versions of the compromised packages being pushed to the NPM registry."
A domain-confusion phishing campaign is targeting PyPI users with fraudulent messages that ask recipients to verify their email address and threaten account suspension if they do not act. The links point to pypi-mirror.org, a domain owned by neither PyPI nor the PSF. Anyone who entered credentials on the fake site is advised to change their PyPI password immediately, review the account's security history for unexpected activity, and report the message. Phishing-resistant MFA (for example a WebAuthn security key) blunts this kind of attack because the authenticator is bound to the genuine origin and will not answer a challenge from a look-alike site. The campaign mirrors a recent phishing attack against NPM maintainers that led to compromised accounts and malicious package versions. Threat actors increasingly target open source package registries because a single stolen maintainer credential lets them push malware into the software supply chain.
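The lure works by putting a PyPI-looking name in a domain PyPI does not own. A quick triage check for that is to pull every link out of the message and compare the host the browser would actually connect to against a small allowlist of PSF-owned domains. The script below is an added example for this article, not code from PyPI or the PSF; the allowlist, the helper names and the sample email are assumptions constructed for illustration. It also covers two tricks the article does not spell out but that a practitioner should expect: a decoy `user@` prefix in front of the real host, and look-alikes such as `pypi.org.example` that survive naive suffix or substring checks.

```python
"""Flag links in a PyPI-themed email that do not lead to a PyPI/PSF-owned host.

Added example for this article, not code from PyPI or the PSF. The allowlist,
helper names and the sample message below are assumptions for illustration.
"""
import re
from urllib.parse import urlsplit

# Domains assumed to be PSF-owned for account actions (assumption; extend as needed).
TRUSTED_DOMAINS = ("pypi.org", "python.org")

# Crude URL extractor: good enough for plain-text mail bodies.
URL_RE = re.compile(r"""https?://[^\s<>"'()\[\]]+""", re.IGNORECASE)


def is_trusted_host(host: str) -> bool:
    """True only if host is exactly a trusted domain or a real subdomain of one.

    Substring and endswith checks are the classic mistake: 'pypi.org.evil.example'
    starts with pypi.org and 'evilpypi.org' ends with it. Requiring a label
    boundary ('.' + domain) rejects both, as well as 'pypi-mirror.org'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def link_host(url: str) -> str:
    """Return the hostname a browser would actually connect to.

    urlsplit() discards the userinfo part, so 'https://pypi.org@pypi-mirror.org/'
    yields 'pypi-mirror.org' rather than the decoy 'pypi.org'.
    """
    return urlsplit(url).hostname or ""


def classify_links(body: str) -> dict:
    """Split every URL in an email body into 'trusted' and 'suspicious' lists."""
    result = {"trusted": [], "suspicious": []}
    for url in URL_RE.findall(body):
        bucket = "trusted" if is_trusted_host(link_host(url)) else "suspicious"
        result[bucket].append(url)
    return result


# Constructed sample lure modelled on the campaign's theme; not the real email.
SAMPLE_EMAIL = """\
Subject: [PyPI] Email verification required

Your account will be suspended unless you verify your email address:
https://pypi.org@pypi-mirror.org/account/verify
Documentation: https://docs.pypi.org/
"""

if __name__ == "__main__":
    for bucket, urls in classify_links(SAMPLE_EMAIL).items():
        for u in urls:
            print(f"{bucket:10} {u}")
```

This is a triage aid for a mail gateway or a maintainer's inbox rule, not a substitute for the control Larson recommends: a phishing-resistant second factor stops the stolen password from being useful even when the link is clicked.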
Read at SecurityWeek