Identifying a typosquatting attack on "requests," the 4th-most-popular Python package

Stacey Potter - Jun 6 - - Dev Community

An attacker published a Python package to the PyPI (Python Package Index) registry named requestn, a name that's very similar to the very popular PyPI requests library. This user even tagged the same latest version of 8.0, so this was clearly a typosquatting attack.

Trusty is a free-to-use software supply chain security monitoring platform that gives you insight into the safety of your open source dependencies. Trusty looks for certain patterns such as the proof of origin / source provenance mapping of a codebase to a package; the activity of the project and its authors; and the advanced textual / binary analysis of a package contents to discover malware, CVEs, and malicious code.

It came to our attention earlier today that a 3-day-old account, "Dmitry2001," published a Python package to the PyPI (Python Package Index) registry named requestn, a name that's very similar to the very popular PyPI requests library. The requests library has more than 30 million downloads a week. It is a hugely popular library in Python that simplifies making HTTP requests to interact with web services.

Trusty's threat analysis system, developed by Stacklok, was able to interpret the requestn package as suspicious, due to its close proximity to the popular requests library...

Read the full article by Luis Juncal & Luke Hinds here

. . . . . . . . . . . . . . . . . . . . . . . . . .
Terabox Video Player