News
22,000 PyPI packages at risk: how the Revival Hijack issue could affect the security of your code
Citizen Sec, 18-09-2024
Analysts at JFrog have discovered a new threat called Revival Hijack. Attackers use this method to register new projects in PyPI (the repository for Python packages) under the names of previously deleted packages.
This allows them to attack supply chains, potentially leading to the download of malicious software. Researchers report that this technique could have affected 22,000 packages in PyPI, resulting in hundreds of thousands of downloads of dangerous files. The problem is that the names of deleted packages become available for registration again. Developers who delete their projects receive only a warning about the possible consequences: once a project is deleted, its name may be taken by someone else.
PyPI maintains a blacklist of names that cannot be registered for new projects, but most deleted packages never make it onto this list. According to JFrog, over 22,000 vulnerable packages have already been removed from PyPI, with an average of 309 packages being deleted each month, opening new opportunities for attackers.
As an example, the researchers cite the package pingdomv3, which was deleted on March 30, 2024. On the same day, attackers registered the name and released an update with malicious code disguised for the Jenkins CI/CD environment. To mitigate the risks from Revival Hijack, JFrog specialists created new Python projects under the names of popular deleted packages in order to hold them.
They set the version number to 0.0.0.1 so that existing users would not receive it as an update. However, three months later, it was found that these packages had been downloaded nearly 200,000 times due to automated scripts and user errors.
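The two signs of a revived name that a defender can check from a lockfile are visible in PyPI's own metadata: the pinned version's file digest no longer matches, and the earliest upload listed for the project is later than the date the dependency was locked (the original releases vanished with the deleted project). The following is an added example, not code from the article or from JFrog; it assumes a lockfile record with `name`, `version`, `sha256` and `locked_at` fields and a dict shaped like the PyPI JSON API response (`releases` mapping versions to files with `digests` and `upload_time_iso_8601`). All sample values are constructed.

```python
from datetime import datetime

def _parse(ts):
    """Parse an ISO-8601 timestamp as the PyPI JSON API emits it."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def revival_findings(lock, pypi_json):
    """Return a list of findings; an empty list means no sign of a revived name."""
    findings = []
    releases = pypi_json.get("releases", {})
    files = releases.get(lock["version"], [])
    if not files:
        findings.append(f"pinned version {lock['version']} no longer exists on the index")
    else:
        digests = {f.get("digests", {}).get("sha256") for f in files}
        if lock["sha256"] not in digests:
            findings.append(f"no file for {lock['version']} matches the locked sha256")
    uploads = [_parse(f["upload_time_iso_8601"]) for fs in releases.values() for f in fs]
    if uploads and min(uploads) > _parse(lock["locked_at"]):
        findings.append(
            f"earliest upload {min(uploads).date()} is after lock date "
            f"{lock['locked_at'][:10]}: the name was re-registered")
    return findings

# Constructed lockfile entry: what the project pinned in 2023.
LOCKED = {"name": "examplepkg", "version": "1.2.0",
          "sha256": "a" * 64, "locked_at": "2023-11-05T00:00:00Z"}

# Constructed metadata as the index returns it after a hijack: the original
# releases are gone and every remaining file was uploaded by the new owner.
HIJACKED = {"info": {"name": "examplepkg"}, "releases": {
    "1.2.0": [{"digests": {"sha256": "b" * 64},
               "upload_time_iso_8601": "2024-03-30T09:00:00Z"}],
    "1.2.1": [{"digests": {"sha256": "c" * 64},
               "upload_time_iso_8601": "2024-03-30T10:00:00Z"}]}}

# Constructed metadata for the untouched package.
CLEAN = {"info": {"name": "examplepkg"}, "releases": {
    "1.1.0": [{"digests": {"sha256": "9" * 64},
               "upload_time_iso_8601": "2022-06-01T12:00:00Z"}],
    "1.2.0": [{"digests": {"sha256": "a" * 64},
               "upload_time_iso_8601": "2023-10-01T12:00:00Z"}]}}

if __name__ == "__main__":
    for label, meta in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, revival_findings(LOCKED, meta) or ["ok"])
```

Running pip in hash-checking mode (`--require-hashes`) enforces the digest check automatically; the date check is the extra signal this script adds.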