PyPI is blocking hundreds of expired domains to halt malware attacks
Date:
Tue, 19 Aug 2025 15:52:00 +0000
Description:
PyPI's package manager has now started checking for expired domains.
FULL STORY ======================================================================
- Domain resurrection attacks allow cybercriminals to exploit the trust users have in PyPI
- By scanning for expired domains, PyPI aims to put a stop to these attacks
- Users are still advised to turn on 2FA and add secondary emails
The Python Package Index (PyPI) is putting a stop to so-called domain resurrection attacks, which have previously been observed in the wild as a way to launch cyberattacks.
Domain resurrection is a supply chain attack where a threat actor registers, or re-registers, a domain that was once owned by a legitimate package maintainer, but has since expired.
Package metadata often lists contact information, and many PyPI packages include a maintainer email address, which is usually tied to a custom domain. If the maintainer quits the project (or forgets to renew), the domain becomes available for purchase. Threat actors then snipe the domain and, with it, take control of its email service.
Now, with the domain resurrected, they can receive password reset emails for the maintainer's PyPI account and use it to push tainted updates. Since the package is already in use, and the domain used to be legitimate, users trust it and unknowingly install malware.
To tackle the problem, PyPI's package manager has now started checking for expired domains.
"These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," PyPI admin Mike Fiedler said in an announcement.
This will not end all of PyPI's hacking troubles, but it will definitely improve the security posture: since June 2025 the check has already unverified almost 2,000 email addresses. The first domain resurrection attack was spotted in 2022, when an unidentified threat actor purchased the domain used for the ctx PyPI package and used it to deliver malware.
Obviously, checking for expired domains is not a silver bullet, which is why PyPI advises its users to enable two-factor authentication (2FA) and add a second, verified email address from a reputable provider such as Gmail or Outlook, especially in cases where the account only has one verified email address from a custom domain name.
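The policy the story describes (drop verification from addresses on expired domains, then warn accounts left with a single custom-domain address or without 2FA) is modelled below as an added example; this is not PyPI's own code, and the `domain_status` lookup, the provider list and the sample domains are constructed assumptions standing in for a registrar or RDAP query.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed list of large mail providers (an assumption, not a PyPI list).
BIG_PROVIDERS = {"gmail.com", "outlook.com", "hotmail.com", "proton.me"}


@dataclass
class Account:
    username: str
    verified_emails: list[str]
    two_factor: bool = False


@dataclass
class Review:
    unverified: list[str] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)


def email_domain(email: str) -> str:
    """Lower-cased domain part of an address."""
    return email.rsplit("@", 1)[-1].strip().lower()


def review_account(acct: Account, domain_status: Callable[[str], str]) -> Review:
    """Unverify addresses whose domain has lapsed, then flag weak recovery setups.
    domain_status(domain) returns 'active', 'expired' or 'unknown' (assumed API).
    'unknown' is treated as active so a lookup failure never locks anyone out."""
    r = Review()
    remaining = []
    for e in acct.verified_emails:
        (r.unverified if domain_status(email_domain(e)) == "expired" else remaining).append(e)
    custom = [e for e in remaining if email_domain(e) not in BIG_PROVIDERS]
    if not remaining:
        r.warnings.append("no verified email left; account recovery needs manual review")
    elif len(remaining) == 1 and custom:
        r.warnings.append("single verified email on a custom domain; add one from a major provider")
    if not acct.two_factor:
        r.warnings.append("2FA not enabled")
    return r


# Constructed sample statuses in place of a live registrar lookup.
SAMPLE_STATUS = {"lapsed.example": "expired", "stillhere.example": "active", "gmail.com": "active"}


def sample_status(domain: str) -> str:
    return SAMPLE_STATUS.get(domain, "unknown")


if __name__ == "__main__":
    print(review_account(Account("maintainer", ["dev@lapsed.example"]), sample_status))
```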
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/pypl-is-blocking-hundreds-of-expired-domains-to-halt-malware-attacks
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)