BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Customer Stories
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Cookie Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Customer Stories
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Cookie Policy
    Terms of Use
    Contact Us
Phishing Attacks Targeting Python Package Repository (PyPI) Users Detected

Phishing Attacks Targeting Python Package Repository (PyPI) Users Detected

BRANDEFENSE
Security News
29/08/2022

Last updated on December 12th, 2022 at 10:36 am

In PyPI, a software repository for the Python programming language, it has been detected that phishing attacks targeting project developers have been carried out by injecting malicious code into Python packages by threat actors. These phishing attacks aim to capture software developers’ identity information.

phishing attacks targeting python package repository (pypi) users detected

The attack vector begins when threat actors send phishing e-mails to developers expressing security-related urgency. Then, by clicking on the URL link in the e-mail text, the developers are directed to a phishing page created by imitating the user login page of the PyPI platform.

phishing attacks targeting python package repository (pypi) users detected

With the members’ login by providing their information, this login information is captured by the threat actors. Then, the threat actors log into the PyPI platform with the login information of the developers and inject malicious code into the Python packages included in it. It has been observed that malicious software created for users to download to their systems is larger in size due to its detection evasion features and a valid signature.

phishing attacks targeting python package repository (pypi) users detected

It has been announced that the affected accounts on the PyPI platform are temporarily frozen, and the affected “Exotel” and “Spam” packages have been removed. Attack campaigns that manipulate open source platforms and target software developers are increasing day by day.

In order not to be the target of similar attacks that may be carried out in this context, it is recommended to implement the security steps given below.

  • Developers at risk of being hacked should reset their passwords and 2FA recovery codes.
  • E-mails, attachments, or links from suspicious and unknown parties should not be opened.
  • Beware of unreliable content.
  • Comprehensive security solutions should be used.
  • Detected IoC findings related to the attack campaign should be blocked by the security solutions.
phishing attacks targeting python package repository (pypi) users detected

In addition, it is recommended to verify that the URL in the address bar is http://pypi.org and that the TLS certificate of the site is http://pypi.org to verify that you are not using your credentials on the phishing page.

Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • Brandefense’s Perspective on Understanding APT: Decoding the Tactics of APT Groups
    Brandefense’s Perspective on Understanding APT: Decoding the Tactics of APT Groups
  • Blended Attacks: When Cybercriminals Use Multiple Techniques
    Blended Attacks: When Cybercriminals Use Multiple Techniques
  • Insider Threats: Identifying and Mitigating Risks from Within
    Insider Threats: Identifying and Mitigating Risks from Within
  • Threat Actors Exploit Docker Engine API
    Threat Actors Exploit Docker Engine API
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

Security News – Week 34

week 34 newsletter cyber security news
lastpass data breach
Next post

LastPass Suffers A Security Breach

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyCookie PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close