PyPI Users Warned Again About Phishing Attacks

The Python Software Foundation (PSF) has issued a fresh warning about an ongoing phishing campaign targeting developers who use the Python Package Index (PyPI). Attackers are impersonating PyPI with a look-alike domain to steal login credentials.

Recurring Campaign

This latest wave continues a series of attacks first observed in July 2025. Developers are receiving fraudulent emails urging them to confirm their email addresses “for security purposes,” with threats that accounts could be blocked if they fail to act.

“These emails are fraudulent, and the link in them leads to pypi-mirror[.]org — a domain that is not owned by PyPI or PSF,” cautioned Seth Larson, a security developer at PSF.

Defensive Measures

Larson emphasized the importance of phishing-resistant multi-factor authentication (MFA) in reducing the risk of account compromise. Phishing-resistant here means WebAuthn-based methods such as hardware security keys or passkeys: the credential is bound to the genuine origin, so it cannot be relayed through a look-alike site the way a one-time code typed into a fake login page can. He also advised developers to:

  • Never click links in suspicious emails
  • Use a password manager, which offers saved credentials only on the domain they were saved for; a login form on a look-alike domain that receives no auto-fill is itself a warning sign
  • Enable MFA wherever possible
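The advice above comes down to one check a mail filter or a cautious developer can apply mechanically: does every link actually point at the real PyPI domain? The following is an added example (not code from the article, PSF or PyPI) that extracts links from a constructed sample of the fraudulent email and classifies each hostname. It treats pypi.org and its true subdomains as the only legitimate hosts (an assumption for this example) and deliberately matches on label boundaries, so that pypi-mirror.org, pypi.org.attacker.example and userinfo tricks such as https://pypi.org@evil.example/ are all flagged.

```python
import re
from urllib.parse import urlparse

# Constructed sample of the kind of message described above (not a real email).
SAMPLE_EMAIL = """\
Subject: Action required: verify your PyPI email address

For security purposes, please confirm your email address within 24 hours
or your account will be blocked:

    https://pypi-mirror.org/account/verify?token=abc123

If you have questions, visit https://pypi.org/help/
"""

# Assumption for this example: pypi.org (and its real subdomains) is the
# only host a legitimate PyPI account link should ever use.
LEGITIMATE_DOMAINS = ("pypi.org",)

URL_RE = re.compile(r"https?://[^\s<>\"'\)]+")


def is_legitimate_host(hostname, allowed=LEGITIMATE_DOMAINS):
    """True only if hostname equals an allowed domain or is a subdomain of one.

    Matching on the label boundary matters: 'pypi.org.attacker.example' and
    'notpypi.org' both contain the string 'pypi.org' but belong to someone else.
    """
    if not hostname:
        return False
    host = hostname.lower().rstrip(".")  # normalise case and a trailing root dot
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify_links(text):
    """Return (url, hostname, verdict) for every http(s) link found in text."""
    results = []
    for url in URL_RE.findall(text):
        # urlparse(...).hostname discards userinfo, so
        # 'https://pypi.org@evil.example/' correctly yields 'evil.example'.
        host = urlparse(url).hostname
        verdict = "ok" if is_legitimate_host(host) else "SUSPICIOUS"
        results.append((url, host, verdict))
    return results


def suspicious_links(text):
    """Just the URLs that do not point at a legitimate host."""
    return [url for url, _, verdict in classify_links(text) if verdict == "SUSPICIOUS"]


if __name__ == "__main__":
    for url, host, verdict in classify_links(SAMPLE_EMAIL):
        print(f"{verdict:11} {host:28} {url}")
```

Run against the sample, the pypi-mirror.org link is flagged while the genuine pypi.org help link passes. The same hostname check is what a password manager performs before offering to auto-fill, which is why a login page that receives no auto-fill deserves suspicion.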

Developers who entered their credentials on the fraudulent site are urged to immediately change their passwords, review account security logs for anomalies, and report any suspicious activity.

Supply Chain Risk

The attackers’ objective is clear: steal developer credentials and use them in downstream supply chain attacks. With access, threat actors can hijack existing PyPI packages, insert malware into updates, or publish entirely new malicious packages.

The warning comes as the software ecosystem continues to grapple with similar attacks elsewhere. Recently, npm maintainers faced nearly identical phishing attempts, with emails pressuring them to update MFA details or risk account suspension.

Lessons from npm’s Breach

That campaign proved highly effective. Several maintainers fell victim, including Josh Junon (known as Qix), who maintains 18 npm packages with more than 2.5 billion weekly downloads. His account compromise led to the release of dozens of malicious package versions — widely described as the largest supply chain attack in npm’s history.