More than 20,000 Python Package Index packages could be hijacked with the novel Revival Hijack supply chain attack technique, which has already been leveraged by threat actors since March, indicating an elevated risk of downstream compromise, according to The Hacker News.
The technique enables PyPI package takeovers by re-registering a package name after its original project is removed from the index, an analysis from JFrog showed. With more than 300 packages removed from PyPI each month, the technique could give threat actors more effective intrusions than typosquatting, JFrog researchers said. Such a threat should prompt continuous monitoring of DevOps pipelines to ensure that removed packages are not reinstalled. "The PyPI package attack surface is continually growing. Despite proactive intervention here, users should always stay vigilant and take the necessary precautions to protect themselves and the PyPI community from this hijack technique," said JFrog Security Research Team Lead Brian Moussalli.
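The pipeline monitoring the article recommends can be reduced to a simple audit: compare each pinned dependency against what the index looked like when the lockfile was generated, and flag names that have since disappeared (available for re-registration) or that now belong to a different, newer project than the one originally pinned. The following is an added example written for this page, not code from JFrog or the article. The registry snapshots, the lockfile, the package names and the `owner`/`project_created` fields are all constructed for illustration; a real collector would have to derive the creation date from the earliest release `upload_time` in PyPI's JSON API and obtain ownership from a separate source, since the JSON API does not expose the uploading account.

```python
"""Audit pinned PyPI dependencies for removed or revived (re-registered) names."""
import re
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed baseline: what each pinned package looked like when the lockfile
# was generated. Values are (owner, project_created). Both fields are assumed
# for this example; they are not fields of the public PyPI JSON API.
BASELINE = {
    "examplepkg": ("alice", datetime(2021, 3, 1, tzinfo=UTC)),
    "oldtool": ("bob", datetime(2019, 7, 12, tzinfo=UTC)),
    "stablelib": ("carol", datetime(2018, 1, 5, tzinfo=UTC)),
}

# Constructed current snapshot of the index. None means the project no longer
# exists on the index (and its name is therefore free to be re-registered).
CURRENT = {
    "examplepkg": ("alice", datetime(2021, 3, 1, tzinfo=UTC)),
    # "oldtool" was deleted and later re-registered by a different account:
    # the project history restarts, so project_created jumps forward.
    "oldtool": ("mallory", datetime(2024, 4, 2, tzinfo=UTC)),
    "stablelib": None,
}

# Constructed lockfile fragment in requirements.txt format.
LOCKFILE = """\
examplepkg==1.4.0
OldTool==2.0.1   # comments and case differences are tolerated
stablelib==0.9
"""

_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s#]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: runs of -, _ and . collapse to '-' and
    the result is lowercased, so 'OldTool' and 'oldtool' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> dict:
    """Return {normalized_name: version} for every '==' pin in the text."""
    pins = {}
    for line in text.splitlines():
        match = _PIN_RE.match(line)
        if match:
            pins[normalize(match.group(1))] = match.group(2)
    return pins


def audit(pins: dict, baseline: dict, current: dict) -> dict:
    """Classify each pinned name against the two snapshots.

    Returns {name: reason} for names needing attention:
      'removed'  - the project is gone from the index; the pin can no longer
                   resolve and the name is open to re-registration.
      'revived'  - a project with that name exists but it is not the one that
                   was pinned: different owner, or a creation date later than
                   the baseline's (the deleted history was replaced).
      'unknown'  - no baseline record exists, so the comparison is impossible.
    Names that match the baseline are omitted.
    """
    findings = {}
    for name in pins:
        base = baseline.get(name)
        now = current.get(name)
        if base is None:
            findings[name] = "unknown"
        elif now is None:
            findings[name] = "removed"
        elif now[0] != base[0] or now[1] > base[1]:
            findings[name] = "revived"
    return findings


def run_example() -> dict:
    """Run the audit over the constructed data above."""
    return audit(parse_lockfile(LOCKFILE), BASELINE, CURRENT)


if __name__ == "__main__":
    for name, reason in sorted(run_example().items()):
        print(f"{reason:8s} {name}")
```

In a CI job the `current` snapshot would be fetched per run and the `baseline` committed alongside the lockfile; a non-empty result fails the build so that a name which has been removed and re-registered cannot be pulled back in silently. Treating a "removed" result as a failure as well is deliberate: the safest time to replace a disappearing dependency is before anyone else has registered its name.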