ZDNet writes that spammers are actively attacking the Python Package Index (PyPI) and GitLab, bombarding the repositories with junk content and flooding them with advertising for dubious sites and services. The two attacks are not related to each other. The PyPI repository has suffered more than GitLab, as the attack on it has lasted throughout the past month. Spammers are abusing the fact that anyone can create pages on the site for non-existent Python libraries; as a result, those pages serve as SEO advertising for various controversial sites.
Typically, these pages contain a jumble of keywords on topics ranging from games and porn to streaming services and fake giveaways. They usually also carry a short URL that leads to fraudulent sites, where visitors are tricked into entering their payment card details.
PyPI representatives told reporters that they are aware of this spam wave, and administrators are already working to eliminate it.
Many of the spam lists created on the PyPI portal indeed have been deleted, but the attack seems to be still ongoing.
Similar activity has been seen on GitLab. Over the past weekend, unidentified individuals spammed the site's issue tracker with similar junk, and each of these reports triggered an email notification to the affected account holders.
The publication notes that such a vector of spreading spam (through repositories) is still a new tactic for spam groups, which usually focus on blogs, forums and news portals, where comment sections are often filled with dubious links.
As I said earlier, developer Lukas Martini discovered malicious Python libraries that stole SSH and GPG keys. As a result, two libraries caught stealing keys from developer projects were removed from the PyPI repository.