Users of the Python Package Index repository are being targeted by an ongoing phishing scheme redirecting to fraudulent PyPI sites that facilitate credential pilfering activities, The Hacker News reports.
Attackers using the fake 'noreply@pypi[.]' email address have been sending malicious email verification messages that lure targets into entering their credentials on a bogus PyPI site, which then relays the request to the real website to better conceal the malicious activity, according to PyPI maintainers. "This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI," said PyPI Admin Mike Fielder, who called on users who had provided credentials to promptly replace their PyPI passwords and examine their accounts' Security History. The development follows a separate but similar phishing campaign aimed at the npm repository, which Socket researchers reported had resulted in Scavenger Stealer malware compromise and data exfiltration via WebSocket.
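Because the lure in this campaign is a verification link that points at a lookalike host rather than pypi.org, a useful defensive check is to extract every link from a suspect message and flag any whose hostname is not pypi.org or a genuine subdomain of it. The following is an added example written for this article, not code from PyPI or from the report; the allowed-host set, the helper names and the sample email body (with its constructed lookalike domain) are assumptions made for illustration.

```python
"""Flag links in an email body whose host is not a legitimate PyPI host (added example)."""
import re
from urllib.parse import urlparse

# Hosts that PyPI account emails legitimately link to (assumption for this example).
LEGITIMATE_HOSTS = {"pypi.org"}

# Match http(s) URLs up to the next whitespace, angle bracket or quote.
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message with a lookalike host; not a real phishing sample.
SAMPLE_EMAIL = """Subject: Verify your PyPI email address
Please confirm your address: https://pypi.org.account-verify.test/verify?token=abc123
Need help? https://pypi.org/help/
"""


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL, dropping userinfo and port.

    urlparse treats 'https://pypi.org@evil.test/' as host 'evil.test', which is
    exactly what we want: the 'pypi.org' before the '@' is just a username.
    Returns '' when the URL cannot be parsed.
    """
    try:
        host = urlparse(url).hostname
    except ValueError:
        return ""
    return (host or "").lower().rstrip(".")


def is_legitimate_host(host: str) -> bool:
    """True only for an exact allowed host or a real subdomain of one.

    'files.pypi.org' is accepted; 'pypi.org.evil.test' and 'pypi-org.test'
    are rejected because the suffix test requires a leading dot.
    """
    return any(host == h or host.endswith("." + h) for h in LEGITIMATE_HOSTS)


def suspicious_links(body: str) -> list:
    """Return the links in an email body that do not point at a legitimate host."""
    return [u for u in URL_RE.findall(body) if not is_legitimate_host(host_of(u))]


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("suspicious link:", link)
```

The check deliberately works on the parsed hostname rather than on a substring search for "pypi.org", so prefixes, userinfo tricks and lookalike registrable domains are all rejected; trailing punctuation that an email client leaves glued to a URL is the main thing the simple regex does not handle.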