- Creating an account and adding packages to the repository whose names mimic an existing package. In 2022, we found many of these packages. They included the selfbotts, selfbotters, requist, rquests, equests, colorafull, and colorapy packages, which mimicked the selfbots, requests, and colorful packages.
- Adding malicious packages via a created account whose names suggest they solve a common problem. In particular, we caught the requests-json, requestscaches, and flask-utils-helper packages.
- Gaining unauthorized access to a legitimate developer's account and releasing "new" versions of this developer's packages. In May 2022, the developer of the ctx module was hacked, and an AWS token stealer was added to the next version of the module package. In August, at least 10 popular packages were compromised through mass phishing.
When using Python packages, there is also a risk of the developer's computer being compromised. Anyone can make a typo when installing a package. At best, a warning is displayed saying that the package does not exist, or a different package is installed. At worst, the developer's computer is infected with malware.
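The typo risk above is the one a project can check for mechanically before anything is installed. The following is an added example, not code from the original article or from PyPI: it parses a requirements file, normalizes each name the way PyPI does (PEP 503), and flags any name that is not an exact match of a known dependency but is within a couple of edits of one. The allow-list `KNOWN_PACKAGES` and the sample requirements text are constructed for the example; the typosquat-style names in it are the ones the article lists. Note that edit distance only catches the first vector (look-alike names); a name like flask-utils-helper, which mimics no existing package, passes through and needs a separate allow-list review.

```python
import re

# Constructed allow-list of packages a project legitimately depends on
# (an assumption for this example, not taken from the original article).
KNOWN_PACKAGES = ["requests", "colorful", "selfbots", "numpy", "flask"]

# Constructed requirements.txt contents, mixing legitimate names with
# look-alike names of the kind described in the article.
SAMPLE_REQUIREMENTS = """\
requests==2.28.1
requist
rquests>=2.0
colorafull
numpy>=1.23
Flask
flask-utils-helper
"""


def normalize(name):
    """Normalize a distribution name as PyPI does (PEP 503): lowercase,
    with runs of '-', '_' and '.' collapsed to a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance between two strings (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def parse_requirements(text):
    """Extract distribution names from requirements.txt lines, dropping
    version specifiers, extras and comments."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def flag_typosquats(requirements_text, known=KNOWN_PACKAGES, max_distance=2):
    """Return (requested, closest_known, distance) for every requested name
    that is not an exact match of a known package but lies within
    max_distance edits of one, i.e. a probable typo or look-alike."""
    known_norm = [normalize(k) for k in known]
    findings = []
    for name in parse_requirements(requirements_text):
        n = normalize(name)
        if n in known_norm:
            continue
        closest = min(known_norm, key=lambda k: levenshtein(n, k))
        d = levenshtein(n, closest)
        if d <= max_distance:
            findings.append((name, closest, d))
    return findings


if __name__ == "__main__":
    for name, closest, d in flag_typosquats(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {name!r} is {d} edit(s) from known package {closest!r}")
```

Run as a pre-install step (for instance in CI before `pip install -r requirements.txt`); a non-empty result should block the install until a human confirms the name. The threshold of two edits is a starting point: raising it catches more variants but also produces more false positives on short, legitimately similar names.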