Phishing PyPI users: Attackers compromise legitimate projects to push malware

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects. These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen,” the PyPI team noted. The malicious releases that they are currently aware of are: exotel – v0.1.6 spam – …

The post Phishing PyPI users: Attackers compromise legitimate projects to push malware appeared first on Help Net Security.