PyPI, the well-known repository for Python programming language software, recently took a decisive step by halting new user and project registrations temporarily. This action was prompted by a significant increase in malware on the platform.
PyPI, also known as Cheese Shop, made this announcement on Friday, citing an overwhelming number of malicious users and projects that exceeded its ability to respond promptly. The repository serves as an official third-party software hub for Python, enabling developers to access pre-built software packages and leverage existing code.
Malicious actors take advantage of this platform by posting harmful packages to infiltrate ongoing projects, embedding malware within program structures. Earlier this year, cybersecurity firm Phylum detected numerous packages on PyPI infected with crypto wallet clipboard-replacing malware.
To address the mounting security concerns and regroup effectively, PyPI temporarily suspended new user and project registrations. However, the platform restored access on Saturday evening after a two-day downtime. Python’s status monitoring service verifies the full restoration of PyPI’s operational status.
Threat actors have long targeted open-source tools for software development. In the previous year, the Cybernews research team identified almost two million exposed .git folders containing essential project information, highlighting the ongoing risks developers face.