PyPI Repository Under Siege: Temporary Halting of User Registrations and Package Uploads

Temporary Suspension of User Sign-Ups and Package Uploads: PyPI, the Official Python Package Index, Takes Preemptive Measures

CYBER SECURITY-NOW

S. Amrane

5/21/2023, 1 min read


"PyPI Enforces Temporary Freeze on New User Registrations and Project Uploads due to Escalating Malicious Activities"

PyPI administrators, citing a surge in the creation of malicious user accounts and malicious projects, have announced the temporary suspension of new user sign-ups and new project uploads. In an official notice released on May 20, 2023, the administrators said the volume of malicious users and projects had outpaced their ability to respond, a situation made worse by several PyPI administrators being on leave at the time.

While no specific details were disclosed about the malware or the threat actors behind the rogue packages published to PyPI, the decision highlights the persistent targeting of software registries such as PyPI by actors seeking to compromise developer environments and tamper with the software supply chain. Shortly before the freeze, cybersecurity firm Phylum uncovered an ongoing campaign using ChatGPT-themed lures to entice developers into installing a malicious Python module that monitors the clipboard and swaps copied cryptocurrency wallet addresses, redirecting transactions to the attacker.
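The clipboard-swapping behaviour described above can be spotted from the defender's side without knowing anything about the specific package: a legitimate user rarely replaces one wallet address with a different address of the same type within a fraction of a second, whereas a hijacker does exactly that. The following is an added example written for this page, not code from Phylum or from the malicious module, and it runs over a constructed list of clipboard snapshots rather than a live clipboard. The address patterns for Bitcoin and Ethereum, the two-second window, and the `Snapshot`/`Alert` types are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed, simplified address shapes (not a full validator): legacy/base58
# and bech32-style Bitcoin addresses, and 20-byte hex Ethereum addresses.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


@dataclass
class Snapshot:
    """One observed clipboard state: time in seconds and the text content."""
    t: float
    text: str


@dataclass
class Alert:
    """A suspected swap: the address the user copied and what replaced it."""
    kind: str
    original: str
    replacement: str
    delay: float


def address_kind(text: str) -> Optional[str]:
    """Return 'btc', 'eth', or None if the text is not a recognised address."""
    stripped = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(stripped):
            return kind
    return None


def detect_swaps(snapshots: List[Snapshot], window: float = 2.0) -> List[Alert]:
    """Flag an address that is replaced by a *different* address of the same
    type within `window` seconds. Copying a new address much later, or
    re-copying the same address, is treated as normal user activity."""
    alerts: List[Alert] = []
    prev: Optional[Snapshot] = None
    prev_kind: Optional[str] = None
    for snap in snapshots:
        kind = address_kind(snap.text)
        if (
            prev is not None
            and kind is not None
            and kind == prev_kind
            and snap.text.strip() != prev.text.strip()
            and snap.t - prev.t <= window
        ):
            alerts.append(Alert(kind, prev.text, snap.text, snap.t - prev.t))
        prev, prev_kind = snap, kind
    return alerts


# Constructed sample: an Ethereum address is replaced 300 ms after being
# copied (the hijack), while the later Bitcoin addresses are ordinary reuse.
SAMPLE_SNAPSHOTS = [
    Snapshot(0.0, "meeting notes for tuesday"),
    Snapshot(12.0, "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed"),  # user copies recipient
    Snapshot(12.3, "0xfB6916095ca1df60bB79Ce92cE3Ea74c37c5d359"),  # silently replaced
    Snapshot(60.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    Snapshot(95.0, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),            # 35 s later: benign
]


if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_SNAPSHOTS):
        print(f"[{alert.kind}] {alert.original} -> {alert.replacement} "
              f"after {alert.delay:.2f}s")
```

On a real host the snapshots would come from polling the clipboard (for example with a platform clipboard library) and the alert would feed an endpoint detection pipeline; the same like-for-like, short-window rule also catches hijackers that target other coin formats once their patterns are added to `ADDRESS_PATTERNS`.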

Separately, ReversingLabs identified two packages in the npm registry, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, that deployed a trojan called TurkoRat, underscoring that the same supply-chain tactics are being used against registries beyond PyPI.