Particle.news

Phishing Campaign Uses Fake Verification Emails to Target PyPI Users

Maintainers are awaiting takedown of spoofed domains after sending abuse notices to registrars

Overview

  • Attackers are sending emails from [email protected] with the subject "[PyPI] Email verification" that direct users to a replica site designed to harvest credentials.
  • Once users enter credentials on the fake site, the login is transparently proxied to the legitimate PyPI to avoid triggering security alerts.
  • PyPI maintainers have added homepage banners warning of the phishing scheme and are urging users to inspect URLs, change compromised passwords, and review their Security History.
  • Maintainers have sent trademark and abuse notices to registrars and content delivery networks, but the lookalike domains remain active.
  • The phishing campaign mirrors a recent npm attack using a typosquatted domain and underscores growing supply-chain threats in open-source ecosystems.