Python Package Index (PyPI), the official repository for third-party software in the Python programming language, has temporarily disabled user sign-ups and the ability to upload new packages until further notice.
The PyPI administrators made this decision because of a recent surge in malicious users and projects on the platform, which has overwhelmed their response capacity, made worse by several administrators being on leave at the same time.
Although no specific information about the malware or threat actors involved has been provided, this move aligns with the ongoing concerns regarding software registries as attractive targets for attackers aiming to compromise developer environments and tamper with the software supply chain.
Recently, Israeli cybersecurity firm Phylum detected an active malware campaign utilizing OpenAI ChatGPT-themed baits to entice developers into downloading a malicious Python module that can steal clipboard content, potentially compromising cryptocurrency transactions.
Similarly, ReversingLabs discovered multiple npm packages named nodejs-encrypt-agent and nodejs-cookie-proxy-agent in the npm repository, which deploy a trojan called TurkoRat.
The temporary suspension of PyPI user registrations and package uploads aims to mitigate the risks associated with malicious activities and ensure the integrity of the Python software ecosystem.