Typosquatting Cyberattack on PyPI Suspends New User and Project Creation

March 28, 2024
5 mins
A Typosquatting cyberattack on PyPI suspends new user and project creation. Learn about the attack and measures to protect your software supply chain using Safety CLI.

A Call to Action for Enhanced Vigilance and Security

The Python Package Index (PyPI) is currently grappling with a sophisticated cyberattack, which has necessitated the temporary suspension of new project creation and user registration on the platform. 

At the heart of this attack is the use of typosquatting, a deceptive technique where attackers upload malicious packages that mimic the names of popular, legitimate packages. The aim is to trick users into downloading these rogue packages through simple typos when installing (e.g. misspelling tensorflow in several ways today would have resulted in the installation of a malicious package).

To scan your projects for the presence of the malicious packages at the heart of today’s attack, head to our Quick Start Guide to run your first scans for free.

This incident involved multiple malicious packages that were specifically crafted to steal cryptocurrency wallets, sensitive browser data, and various credentials from unsuspecting victims. These packages were engineered with a persistence mechanism, ensuring their continued operation even after system reboots. The file of each malicious package served as the conduit for executing the malicious code upon installation. This file initiated the retrieval of further payloads, which then proceeded to harvest sensitive information from the victim's machine.

The ramifications of this attack extend far beyond the immediate theft of sensitive data; it serves as a stark reminder of the persistent cybersecurity threats facing the software development community. It underscores the critical need for heightened vigilance and proactive security measures within the open source community.

Safety CLI: Your First Line of Defense Against Typosquatting Attacks

In response to this ongoing attack and the evolving threat landscape, robust security practices and tools in safeguarding software supply chains are essential for every Python developer and teams of all sizes. Safety CLI, our Python dependency vulnerability scanner, is engineered to detect known vulnerabilities and malicious packages, including those employed in typosquatting attacks. 

Key Features of Safety CLI in Combating Typosquatting:

  • Malicious Package Detection: Safety CLI scans your Python dependencies using the industry’s most comprehensive database of known vulnerabilities and malicious packages. This database is updated every day to include the latest threats, ensuring your projects are safeguarded against even the most recent attacks.
  • Actionable Remediation Guidance: Upon detection of a malicious package, Safety CLI provides concise, actionable advice for remediation. This may include removing the malicious package or updating to secure versions of affected dependencies.
  • Seamless Integration: Designed for easy integration into development workflows, Safety CLI ensures that security is enhanced without compromising development efficiency.
  • System-Wide Development Machine Scanning: detect Python installations across entire machines, not just individual projects.

Proactive Measures for Protecting Your Projects

The ongoing typosquatting attack on PyPI highlights the importance of proactive security measures in protecting your software projects:

Enhanced Scrutiny of Dependencies: Verify the authenticity of all dependencies before integration into your projects. This includes scrutinizing package names for potential typosquatting attempts. Before installing, double-check the spelling of the package name in your command; a simple typo can easily result in the installation of a typosquatted package.

Educational Outreach: Educate your development teams about the risks of typosquatting and other cyberattacks, promoting a culture of security awareness.

Leverage Security Tools: Utilize advanced security tools like Safety CLI to automate the detection and mitigation of security threats, including those posed by malicious packages.


The typosquatting cyberattack on PyPI is a clarion call for the Python development community to bolster their cybersecurity defences. By adopting a vigilant approach and leveraging advanced security tools like Safety CLI, developers can significantly mitigate the risk of falling victim to such malicious activities. It's through collective vigilance and proactive measures that the open source community can continue to thrive, even in the face of ongoing cybersecurity threats.

For more insights into safeguarding your Python projects and to discover how Safety CLI can play a pivotal role in your security strategy, reach out to us at

Reduce vulnerability noise by 90%.
Get a demo today to learn more.