
New Phishing Scam Aims at PyPI Maintainers to Steal Login Information


By Mayura Kathir

A fresh wave of domain-confusion phishing emails is sweeping through the Python community, once again setting its sights on PyPI maintainers.

As malicious actors continually swap out domain names, PyPI users must remain vigilant and adopt stronger safeguards to protect their accounts.

In this latest iteration, maintainers receive an unsolicited email urging them to “verify your email address” under the guise of “account maintenance and security procedures.”

The message warns that failing to comply may result in account suspension, prompting recipients to click a link that leads to pypi-mirror.org, a site unaffiliated with the Python Packaging Authority (PSF) or the official PyPI registry. The correspondence mimics legitimate PyPI notifications, using similar branding, layout, and tone.

This campaign mirrors the scheme uncovered in July 2025 but employs a different deceptive domain to dupe open-source contributors into revealing their login credentials.
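A defender-side check for the domain confusion described above, as an added example that is not part of the original article: it pulls link hosts out of an HTML email and flags any that carry the "pypi" name without being an official host. The allowlist, the function names and the sample message (sender, recipient and URL paths) are assumptions constructed for illustration; only pypi-mirror.org comes from the article.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this check treats as official; adjust to local policy.
OFFICIAL = {"pypi.org", "pythonhosted.org"}
BRAND = "pypi"  # brand string a look-alike domain is likely to reuse

class _Links(HTMLParser):
    """Collect href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify_host(host):
    """Return 'official', 'lookalike' or 'other' for a link hostname."""
    host = (host or "").lower().rstrip(".")
    # Official only if it IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Brand appears in the name but the registrable domain is not ours.
    return "lookalike" if BRAND in host else "other"

def scan_email(raw):
    """Return [(host, verdict)] for every link in the HTML parts of a message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = _Links()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in parser.hrefs:
            host = urlsplit(href).hostname
            findings.append((host, classify_host(host)))
    return findings

# Constructed sample message; only the domain pypi-mirror.org is from the article.
SAMPLE = """\
From: PyPI <noreply@example.invalid>
To: maintainer@example.com
Subject: Verify your email address
Content-Type: text/html; charset="utf-8"

<p>Account maintenance and security procedures.</p>
<a href="https://pypi-mirror.org/account/verify">Verify your email address</a>
<a href="https://pypi.org/help/">Help</a>
"""

if __name__ == "__main__":
    for host, verdict in scan_email(SAMPLE):
        print(f"{verdict:10} {host}")
```

The substring match is a heuristic: it catches names such as pypi-mirror.org and pypi.org.example.net, but not misspellings or homoglyph domains that omit the exact string.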

Upon arriving at the fraudulent page, unsuspecting ...


Copyright of this story solely belongs to gbhackers.