
Package repository PyPI restricts domains belonging to Inbox.ru after discovering over 1,500 deceptive project uploads.

Package uploads tied to fraudulent inbox.ru email addresses were prohibited on PyPI following the submission of over 1,500 deceptive packages as part of a slopsquatting spam campaign that used more than 250 accounts since June 9, 2025.

Python Package Index (PyPI) Blocks Inbox.ru Domains Due to Over 1500 Fraudulent Project Submissions


The open-source Python community faced a significant challenge in June and early July 2025, with a sophisticated spam campaign targeting the Python Package Index (PyPI). The incident, which involved over 250 fraudulent user accounts and more than 1,500 fake Python projects, unfolded primarily between June 9 and July 11.

The attackers exploited a loophole in PyPI's structure, focusing on slopsquatting: creating fake packages whose names or command-line entry points mimicked those of legitimate, popular Python packages. The projects themselves contained no malicious code; they were designed to confuse users by imitating legitimate package interfaces, potentially leading users to install the wrong software, or malicious software, in the future.

The attackers took advantage of PyPI's registration system, which allows account creation using any valid email. They specifically used inbox.ru email addresses en masse to automate the creation of numerous fake accounts. The campaign was detected when a large language model recommended the installation of a nonexistent PyPI project, highlighting the danger of automated suggestions being misled by such deceptive packages.

Upon discovery, PyPI administrators responded swiftly. They implemented an immediate ban on inbox.ru email addresses, blocking new registrations and the addition of inbox.ru addresses to existing accounts. All fraudulent accounts were disabled and their uploaded projects were purged from the repository. This move was part of a broader strategy to enforce trust and integrity in the open-source Python ecosystem by addressing abuse of the delegated trust model inherent in email-based user verification.

PyPI also maintains a blocklist of domains known for abuse, supplementing a disposable-email-domains list, to prevent registration abuse by transient or malicious actors. PyPI administrators emphasize that users should not blindly install packages recommended by third parties or AI models without verifying project names and sources, to avoid falling victim to lookalike or fake packages.

This incident is a cautionary example of the risks around package impersonation and repository trust models in open-source ecosystems. PyPI's decisive administrative response illustrates an evolving security posture against such supply-chain and ecosystem attacks. The campaign, which produced over 1,500 fake project uploads in roughly a month, differed from traditional malware distribution: its aim was to create confusion and potentially to prepare infrastructure for future attacks. The projects targeted command-line interface entry points, and domain-level restrictions on inbox.ru registrations were put in place.

As the open-source community continues to grow and evolve, it is crucial to remain vigilant against such threats and to adopt best practices for security and trust. This incident underscores the importance of a proactive approach to security, with regular audits, education, and collaboration being key components in maintaining the integrity and resilience of open-source ecosystems.

  1. In the face of such attacks, the open-source Python community must prioritize security measures, especially around centralized repositories like PyPI.
  2. The attackers' techniques, such as mass registration with inbox.ru email addresses, underscore the need for detection and prevention of deceptive practices like slopsquatting and package impersonation.
