🐍 PyPI Will Require 2FA By The End Of 2023 Also From Dead People
Seems like we live in times when developers receive more invites from mysterious, cute ladies than popstars.
Lately I was searching for some freeware and noticed something peculiar about one app that really matched my needs. After several versions had been published over the years, there was a gap, and just this year a new release was made with some minor improvements.
Everything seemed legit, except the time gap. The app was published on a credible, major freeware hosting site I won’t mention by name.
I was curious whether the new release was OK, so just in case I checked it with multiple malware and trojan detectors offered in a bundle by a popular, free online file-scanning service.
Surprisingly, it turned out that this particular file contained a trojan.
What I guess happened is that the developer's credentials were stolen, and hackers used them to forge a release to target more people.
After that I scanned several other freeware apps and got similar results. They came from various sites and before you write it — no, they were not false positives.