PyPI, GitLab dealing with spam attacks
Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services.
I was checking on the #falco malware pipeline @snaveen @jw_sec and I have been working on in @theopenssf, and noticed some weird stuff being uploaded to PyPI: https://t.co/XUJNzIc8qL
There are a bunch of these: https://t.co/pzJWprjlxr
Is it just some SEO play?
— Dan Lorenc (@lorenc_dan) February 7, 2021
TIL that pypi (the #python package manager) has a *ton* of free movie spam https://t.co/fCQYXl1gTq
— Fernando (@fmc_sea) January 14, 2021
Reached out for comment earlier today, the PyPI team said it was aware of the SEO spam flood.
“Our admins are working to address the spam,” Ewa Jodlowska, Executive Director of the Python Software Foundation, told ZDNet in an email on Monday.
“By the nature of pypi.org, anyone can publish to it so it is relatively common,” she added.
Shortly after the executive’s email, many of the spam listings created on the PyPI portal began to be removed, an operation that appears to be still underway.
GITLAB PROJECT OWNERS SPAMMED VIA EMAIL
But while the spam attack on PyPI appears to have been going on for at least a month, a new one was detected at GitLab, a website that allows developers and companies to host and sync work on source code repositories.
An unknown threat actor appears to have spammed the issue trackers of thousands of GitLab projects on Sunday and Monday, and each spam comment triggered an email notification to the affected account holders. Just like the spam on PyPI, these comments also redirected users to shady sites.
Spamming source code repositories appears to be a new tactic for spam groups, which in previous years have usually focused on blogs, forums, and news portals, which have often seen their comment sections flooded with shady links.
Things are back to normal now, but both incidents show the dangers of leaving systems open and unprotected on the internet.
While spam is not a sexy attack vector, many companies will often fail to secure servers, web apps, and subdomains and will often have these resources abused to either host or participate in spam attacks.
For example, Microsoft, one year later, still has a problem with spam groups hijacking subdomains on its official microsoft.com site to host shady content.
Source: www.zdnet.com