I'm one of the co-founders @ Phylum. We've been tracking this campaign [1] (along with several other unrelated ones). The collective group of security researchers (Shoutout to https://vipyrsec.com/) in our Discord have been reporting these packages to PyPI for removal. If this is something you'd be interested in helping with, please join our Discord (https://discord.gg/Fe6pr5eW6p)!
Besides the gigantic analytics platform we've constructed to monitor supply chain attacks targeting open source, we've also open sourced a few tools to better mitigate attacks targeting developers. For example, a sandbox to minimize the impacts of malicious packages during installation [2] (with a pre-check to our API for known malware), which allows you to do things like
phylum npm install <pkgName>
Happy to answer any questions about this campaign or others we've uncovered!
1. https://blog.phylum.io/typosquatting-campaign-targets-python...
2. https://github.com/phylum-dev/birdcage
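To make the "pre-check, then install" flow described above concrete, here is an added example that is not Phylum's code, not the birdcage sandbox, and not a client for Phylum's API. It is a minimal install gate of the same shape: a package name is first checked against a deny-list of known-bad names, then compared by edit distance to a short list of popular names to flag likely typosquats, and only an unflagged name is handed to pip. The popular-package set and the deny-list entries are constructed sample data, not real feeds; the `runner` parameter exists so the flow can be exercised without touching the network.

```python
"""
Added example: a pre-install gate that checks a package name before pip runs.
Not Phylum's code and not a client for their API; the data below is constructed.
"""
import subprocess
import sys

# Constructed sample data. A real deployment would pull both sets from a
# maintained feed (as the pre-check in the comment does) rather than hardcode them.
POPULAR_PACKAGES = {"requests", "numpy", "pandas", "urllib3", "cryptography"}
KNOWN_MALICIOUS = {"requestz", "nunpy"}  # hypothetical names, for illustration only


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def assess_package(name: str, max_distance: int = 1) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'deny', 'suspicious' or 'allow'."""
    normalized = name.lower().replace("_", "-")
    if normalized in KNOWN_MALICIOUS:
        return "deny", "name is on the known-malicious list"
    if normalized in POPULAR_PACKAGES:
        return "allow", "exact match for a known popular package"
    # A name one edit away from a popular package is the classic typosquat pattern.
    for popular in sorted(POPULAR_PACKAGES):
        if edit_distance(normalized, popular) <= max_distance:
            return "suspicious", f"within {max_distance} edit(s) of '{popular}'"
    return "allow", "no deny-list hit and no near-miss of a popular name"


def guarded_install(name: str, runner=subprocess.run) -> int:
    """Run the pre-check and only invoke pip when the verdict is 'allow'.

    `runner` is injectable so the decision logic can be tested offline;
    in normal use it is subprocess.run and actually installs the package.
    """
    verdict, reason = assess_package(name)
    if verdict != "allow":
        print(f"refusing to install {name!r}: {verdict} ({reason})", file=sys.stderr)
        return 1
    result = runner([sys.executable, "-m", "pip", "install", name])
    return result.returncode


if __name__ == "__main__":
    # Usage: python guarded_install.py <pkgName>
    sys.exit(guarded_install(sys.argv[1]))
```

The gate is deliberately conservative: a near-miss of a popular name is reported as suspicious rather than silently installed, which is the right default for a developer workstation. Running the install itself inside a sandbox, as the comment describes, is a separate layer that this script does not replace.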