The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites.
The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain is not “pypi[.]org“).
“This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI,” Mike Fiedler, PyPI Admin, said in a post Monday.
The email messages instruct users to follow a link to verify their email address, which leads to a replica phishing site that impersonates PyPI and is designed to harvest their credentials.
But in a clever twist, once the login information is entered on the bogus site, the request is routed to the legitimate PyPI site, effectively fooling the victims into thinking that nothing is amiss when, in reality, their credentials have been passed on to the attackers. This method is harder to detect because there are no error messages or failed logins to trigger suspicion.
PyPI said it’s looking at different methods to handle the attack. In the meanwhile, it’s urging users to inspect the URL in the browser before signing in and refrain from clicking on the link if they have already received such emails.
If you’re unsure whether an email is legitimate, a quick check of the domain name—letter by letter—can help. Tools like browser extensions that highlight verified URLs or password managers that auto-fill only on known domains can add a second layer of defense. These kinds of attacks don’t just trick individuals; they aim to gain access to accounts that may publish or manage widely used packages.
“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Fiedler said. “Inspect your account’s Security History for anything unexpected.”
It’s currently not clear who is behind the campaign, but the activity bears striking similarities to a recent npm phishing attack that employed a typosquatted domain “npnjs[.]com” (as opposed to “npmjs[.]com”) to send similar email verification emails to capture users’ credentials.
The attack ended up compromising seven different npm packages to deliver a malware called Scavenger Stealer to gather sensitive data from web browsers. In one case, the attacks paved the way for a JavaScript payload that captured system information and environment variables, and exfiltrated the details over a WebSocket connection.
Similar attacks have been seen across npm, GitHub, and other ecosystems where trust and automation play a central role. Typosquatting, impersonation, and reverse proxy phishing are all tactics in this growing category of social engineering that exploits how developers interact with tools they rely on daily.
