‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

siteadmin September 4, 2024

Security researchers have brought to light a simple technique for distributing malicious payloads through the Python Package Index (PyPI). An attacker can register a harmful package under the name of a legitimate package that was previously registered and later removed. The researchers found 120,000 removed packages that could potentially be repurposed in this way. Known as “Revival Hijack”, the method works because PyPI does not stop the reuse of a removed package’s name. The researchers advise users to ensure their systems are not installing removed packages.

Source: www.darkreading.com