News SEO spammers attacked PyPI and GitLab


Dorblue

Joined 28.09.20
Spam attacks on source code and package repositories are a new tactic for cybercriminals.

Spammers bombarded the Python Package Index (PyPI) portal and the source code hosting site GitLab with junk traffic, flooding them with ads for dubious sites and services. The two attacks are unrelated.

The larger of the two attacks is the one on PyPI, the official package repository for the Python programming language, which hosts tens of thousands of Python libraries. For the past month, spammers have been abusing the fact that anyone can create project entries on the PyPI site.

The attackers generate pages for non-existent Python libraries that essentially serve as SEO for various shady sites. These pages usually contain a "cocktail" of keywords on topics ranging from games and movies to pornography and prize draws, plus a shortened link to a site that often tries to harvest payment card details.

In total, the attackers generated more than 10,000 pages for non-existent libraries, and PyPI administrators are currently working to remove them. Since anyone can publish on the portal, such spam attacks are quite common.

While the attack on PyPI has been going on for at least a month, the attack on GitLab was discovered only recently. On February 7-8, unknown cybercriminals carried out spam attacks on the issue trackers of GitLab projects, which flooded the inboxes of account holders with notification emails. As with PyPI, the comments received via email redirected users to shady sites.

Spam attacks on source code repositories are a new tactic for cybercriminals. In past years, spammers have mostly targeted blogs, forums, and news portals, posting links to shady resources in the comments. GitLab was evidently not prepared for this type of attack, as its email system became overloaded and very slow. Currently, everything is back to normal.