PyPI suspends new projects and user sign-ups following flood of malware

vtqhtr413

The world’s biggest repository for open-source Python packages, PyPI, disabled new user registrations, and barred existing users from uploading new projects over the weekend, citing an unmanageable flood of malicious code being uploaded to the platform.

In an announcement posted on the PyPI status page, the organization said: “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.” The team planned to “re-group over the weekend” and soon enough, on Sunday evening (around 10 PM UTC), the suspension was lifted.

Supply chain attacks are all the rage these days, and as a result, open-source repositories have become an attractive target for cybercriminals and hackers. These days, most companies are incorporating open-source software in their products, at least to some extent. By squeezing malicious packages into the repository, threat actors are hoping IT teams will pick it up, compromising not just the product they’re building, but their entire network and infrastructure.
 

Gandalf_The_Grey

Update, May 22, 2023 09:27 AM ET: Temporary suspension has been lifted as of May 21, 2023, 5:57 PM ET.
 
