PyPI packages succumb to Mailchimp phishing scam
The news comes after "fairly convincing" phishing emails from a Mailchimp account swindled developers into revealing credentials
Administrators at the Python Package Index (PyPi) registry have confirmed an active phishing campaign aimed at stealing credentials from package developers.
Django project board member Adam Johnson first broke the news on Twitter after receiving a suspicious email that urged him to comply with a mandatory process to validate any and all PyPI packages before September. The email reportedly came from a Mailchimp account.
Cyber resiliency and end-user performance
Reduce risk and deliver greater business success with cyber-resilience capabilitiesFree Download
“Please validate your package with Google to avoid having your PyPi package removed from PyPi.org,” read the email.
Adding to the trickery, the mail said Google has mandated the validation process “due to a surge in malicious PyPi packages being uploaded to the PyPi.org domain".
The phishing site itself looks fairly convincing, according to Johnson. Consequently, a few unsuspecting developers entered their credentials on the malicious webpage that mirrored PyPI’s login page, which led to their creations getting hijacked.
“Exotel” (version 0.1.6) and “spam” (versions 2.0.2 and 4.0.2) are among the packages PyPI identified as compromised and rife with malware.
The aforementioned releases have been eliminated from PyPI and associated maintainer accounts are temporarily inaccessible. “We’ve additionally taken down several hundred typosquats that fit the same pattern,” added PyPI’s Security team.
PyPI also recommended users enable two-factor authentication, ideally through hardware security keys or WebAuthn two-factor authentication, as a precaution. In the event that a developer already entered credentials on the phishing site, PyPI recommends resetting the password, 2FA recovery codes, and reviewing the account for any suspicious activity.
Big data for finance
How to leverage big data analytics and AI in the finance sectorFree Download
Ten critical factors for cloud analytics success
Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROIFree Download
Remove barriers and reconnect with your customers
The $260 billion dollar friction problem businesses don't know they haveFree Download
The future of work is already here. Now’s the time to secure it.
Robust security to protect and enable your businessFree Download