PyPI briefly paused new users amidst wave of malware


PyPI, a repository of software for the Python programming language, temporarily halted the admission of new users and projects after an influx of malware on the platform.

The Python Package Index (PyPI) made the abrupt move on Friday after the platform said that the amount of malware on its platform had become unmanageable.

“The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion,” PyPI said in a statement.


PyPI, also called the Cheese Shop as a reference to a sketch by Monty Python’s Flying Circus, is the official third-party software repository for Python. Developers use the platform to download pre-built software packages, reusing code that somebody else has already written.

Threat actors post malicious packages so that developers will include them in the projects they are building, embedding malware in the structure of a program. Earlier this year, cybersecurity firm Phylum detected several hundred packages on PyPI infected with clipboard-replacing malware targeting crypto wallets.

“While we re-group over the weekend, new user and new project registration is temporarily suspended,” PyPI said.

However, the platform indicated that the suspension was lifted late Saturday evening, and the Python status monitoring service shows that PyPI is once again operational after two days of downtime.

Threat actors continuously target open-source tools for software development. Late last year, the Cybernews research team detected nearly two million publicly exposed .git folders containing vital project information.

Git is the most popular open-source distributed version control system (VCS). It coordinates work among programmers developing source code and tracks changes to it.
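The exposed .git folders mentioned above usually come from deploying a repository checkout straight into a web server's document root. The following is an added example, not code from the article or from Cybernews, showing a simple pre-deployment check a team can run against its own web root to catch that mistake before the directory is ever served. The sample directory tree is constructed inline with a temporary directory so the script runs offline.

```python
import os
import tempfile
from pathlib import Path


def find_exposed_git_dirs(docroot):
    """Walk a web document root and return the paths of every .git
    directory under it. Anything located here would be served to the
    public along with the site, including commit history and config."""
    docroot = Path(docroot)
    found = []
    for dirpath, dirnames, _filenames in os.walk(docroot):
        if ".git" in dirnames:
            found.append(str(Path(dirpath) / ".git"))
            dirnames.remove(".git")  # no need to descend into the repo itself
    return sorted(found)


def build_sample_docroot():
    """Construct a throwaway directory tree (constructed sample data, not a
    real deployment) that mimics a sloppy deploy: the site was checked out
    directly into the web root, and a vendored asset repo was copied in too."""
    root = Path(tempfile.mkdtemp(prefix="docroot_"))
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / "index.html").write_text("<h1>hello</h1>\n")
    (root / "assets" / "vendor" / ".git").mkdir(parents=True)
    (root / "assets" / "css").mkdir(parents=True)
    (root / "assets" / "css" / "site.css").write_text("body {}\n")
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    hits = find_exposed_git_dirs(root)
    if hits:
        print("FAIL: .git directories inside the web root:")
        for path in hits:
            print("  ", path)
    else:
        print("OK: no .git directories under", root)
```

Run it with the real document root (for example `find_exposed_git_dirs("/var/www/html")`) as a step in the deploy pipeline and fail the deploy on any hit; the usual fix is to build an export of the repository (such as `git archive`) into the web root instead of cloning into it, and to deny access to `.git` paths in the web server configuration as a second layer.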
