The Python Package Index (PyPI), the primary repository for Python software, has enacted an immediate ban on the use of inbox.ru email addresses following the discovery of a widespread spam campaign that resulted in the creation of more than 250 fraudulent user accounts and the publication of over 1,500 fake projects.
This latest administrative measure affects both new user registrations and the addition of inbox.ru addresses to existing accounts.
PyPI’s swift response, which included removing all suspect projects and disabling the associated accounts, was prompted by the potential for user confusion, a drain on maintainer and moderator resources, and downstream security issues.
Administrative Crackdown on Email Domain
The events unfolded rapidly over the latter part of June 2025. According to administrative timelines, the campaign began quietly on June 9th, with the creation and verification of the first rogue account.
The floodgates opened between June 11th and June 24th, as waves of spam accounts were registered; at one point 207 accounts were created in a single four-hour window.
Exploiting the open registration model of public package repositories, the attackers then uploaded a large volume of new projects, peaking at 740 in a single day on June 30, each bearing an innocuous or random name and containing little or no source code.
Crucially, this campaign did not distribute traditional malware. Instead it created placeholder packages with plausible-sounding names or entry points (names resembling commonly used command-line tools or shared module naming conventions) that could mislead developers and automated tools alike.
This phenomenon, known as “slopsquatting,” registers the package names that AI coding assistants tend to hallucinate, so that a developer who follows such a suggestion ends up installing the attacker’s package; it is a variant of earlier supply chain attacks in which typosquatted or subtly altered names impersonate real software.
Here, the intention appeared to be not immediate harm but testing the vector’s viability, setting the stage for future campaigns, or simply polluting the repository with spam to undermine user trust.
AI-Generated Recommendations
The attack vector, accounts registered via inbox.ru, was only detected after users, including one working alongside a Large Language Model (in this case Sonnet 4), reported that the model was recommending the installation of non-existent projects, most likely because these fraudulent uploads had been indexed.
This raises concerns not just about the integrity of software repositories, but also about the reliability of AI-driven coding assistance, which may inadvertently promote unsafe or invalid packages present on public indexes.
As part of its routine security posture, PyPI prohibits registrations from known disposable email domains and maintains a dynamic internal blocklist to respond to emergent threats and suspicious activity.
While users can generally rely on any valid email provider, this mechanism implicitly delegates much of the security burden to the provider itself, which poses problems when a provider, such as inbox.ru, turns out to be a vector for coordinated abuse.
This is not the first domain-wide ban PyPI has enacted; in a previous incident another mainstream email provider was blocked after a similar escalation of abusive registrations.
According to the report, PyPI administrators continue to monitor trends in repository abuse and urge users to exercise heightened vigilance.
</gre_replace>
<gr_insert after="15" cat="add_content" lang="python" orig="While users can">
The following is an added example of the kind of registration-time screening the article describes: a static list of disposable domains plus a dynamic blocklist an operator can extend when a provider is abused. It is not PyPI’s (Warehouse’s) own code, the domain lists are assumed, and inbox.ru is used only because it is the provider named above. Two details matter in practice and are handled here: the check runs on the parsed address, not on a display name, and matching covers subdomains so that `mail.inbox.ru` cannot be used to sidestep a block on `inbox.ru`.

```python
"""Registration-time e-mail domain screening (added example, not Warehouse code)."""
from __future__ import annotations

from dataclasses import dataclass, field
from email.utils import parseaddr

# Assumed static list of throwaway-mail providers; a real deployment would load
# a maintained list rather than hard-code two entries.
DISPOSABLE_DOMAINS: frozenset[str] = frozenset({"mailinator.com", "10minutemail.com"})


def normalize_domain(domain: str) -> str:
    """Lower-case and strip a trailing dot so 'INBOX.RU.' and 'inbox.ru' compare equal."""
    return domain.strip().rstrip(".").lower()


@dataclass
class DomainPolicy:
    """Static disposable-domain denylist plus a dynamic blocklist operators can grow."""

    dynamic_blocklist: set[str] = field(default_factory=set)
    disposable: frozenset[str] = DISPOSABLE_DOMAINS

    def block(self, domain: str) -> None:
        """Add a provider to the dynamic blocklist (the inbox.ru response, in effect)."""
        self.dynamic_blocklist.add(normalize_domain(domain))

    def blocked_reason(self, domain: str) -> str | None:
        """Return why a domain is blocked, or None. Walks up the label chain so a
        block on 'inbox.ru' also covers 'mail.inbox.ru'."""
        labels = normalize_domain(domain).split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.dynamic_blocklist:
                return f"domain {candidate} is on the dynamic blocklist"
            if candidate in self.disposable:
                return f"domain {candidate} is a known disposable-mail provider"
        return None


def screen_email(policy: DomainPolicy, raw: str) -> tuple[bool, str]:
    """Decide whether a registration e-mail is acceptable.

    Returns (allowed, reason). parseaddr() discards any display name, so the
    domain that is checked is the one mail would actually be delivered to.
    """
    _, addr = parseaddr(raw)
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return False, "not a valid e-mail address"
    reason = policy.blocked_reason(domain)
    if reason:
        return False, reason
    return True, "ok"


if __name__ == "__main__":
    policy = DomainPolicy()
    policy.block("inbox.ru")
    for sample in ("dev@example.org", "Dev <spam@INBOX.RU.>", "x@mail.inbox.ru",
                   "x@mailinator.com", "not-an-email"):
        print(f"{sample!r:28} -> {screen_email(policy, sample)}")
```

The domain walk is the part most often got wrong: checking only the exact domain lets a provider's subdomains through, while checking only the last two labels would wrongly collapse `co.uk`-style domains, so the loop tries every suffix of the address's domain against both lists.
<test>
policy = DomainPolicy()
policy.block("inbox.ru")
assert screen_email(policy, "dev@example.org") == (True, "ok")
assert screen_email(policy, "Dev <spam@INBOX.RU.>")[0] is False
assert "inbox.ru" in screen_email(policy, "Dev <spam@INBOX.RU.>")[1]
assert screen_email(policy, "x@mail.inbox.ru")[0] is False
assert screen_email(policy, "x@mailinator.com")[0] is False
assert "disposable" in screen_email(policy, "x@mailinator.com")[1]
assert screen_email(policy, "not-an-email") == (False, "not a valid e-mail address")
assert screen_email(policy, "@inbox.ru")[0] is False
assert policy.blocked_reason("example.org") is None
</test>
</gr_insert>
<gr_insert after="18" cat="add_content" lang="python" orig="The incident serves">
As an added example of the vigilance the article calls for (not code from the article or from PyPI), the block below vets a package an assistant has suggested before it is installed, using the signals that separate the placeholder projects described above from a maintained one: a single release, an upload only days old, a tiny distribution file, an empty summary and no project URLs. The two metadata dictionaries are constructed for this example but follow the field names of PyPI’s JSON API (`/pypi/<name>/json`), so a caller can fetch a real response and pass it to the same function; the thresholds and the package names are assumptions.

```python
"""Offline vetting of an assistant-suggested package (added example, not PyPI code)."""
from __future__ import annotations

from datetime import datetime, timedelta, timezone

# Assumed thresholds: an sdist under ~2 KB is usually empty packaging boilerplate,
# and a project first published within two weeks deserves a second look.
MIN_SENSIBLE_FILE_BYTES = 2_000
RECENT_DAYS = 14


def _upload_times(meta: dict) -> list[datetime]:
    """Collect upload timestamps of every distribution file across all releases."""
    times = []
    for files in meta.get("releases", {}).values():
        for f in files:
            ts = f.get("upload_time_iso_8601")
            if ts:
                times.append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    return times


def vet(meta: dict, now: datetime) -> list[str]:
    """Return a list of warning strings; an empty list means nothing looked odd."""
    warnings: list[str] = []
    info = meta.get("info") or {}
    releases = meta.get("releases") or {}
    files = [f for fl in releases.values() for f in fl]

    if len(releases) <= 1:
        warnings.append("only one release")
    if not files:
        warnings.append("no distribution files at all")
    elif max(f.get("size", 0) for f in files) < MIN_SENSIBLE_FILE_BYTES:
        warnings.append("largest uploaded file is tiny; likely a placeholder")
    times = _upload_times(meta)
    if times and now - min(times) < timedelta(days=RECENT_DAYS):
        warnings.append(f"project first published within the last {RECENT_DAYS} days")
    if not (info.get("summary") or "").strip():
        warnings.append("empty summary")
    if not info.get("project_urls") and not info.get("home_page"):
        warnings.append("no project URLs (no repository, homepage or docs)")
    return warnings


def looks_like_placeholder(meta: dict, now: datetime, threshold: int = 3) -> bool:
    """Assumed decision rule: refuse to install when several signals fire together."""
    return len(vet(meta, now)) >= threshold


# Constructed sample metadata in the shape of PyPI's JSON API; names are made up.
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)

MAINTAINED = {
    "info": {"name": "example-http-lib", "summary": "Small HTTP client",
             "home_page": "https://example.org/http-lib",
             "project_urls": {"Source": "https://example.org/http-lib/src"}},
    "releases": {
        "1.0.0": [{"packagetype": "sdist", "size": 180_000,
                   "upload_time_iso_8601": "2023-02-01T00:00:00Z"}],
        "1.1.0": [{"packagetype": "sdist", "size": 190_000,
                   "upload_time_iso_8601": "2024-05-10T00:00:00Z"}],
    },
}

PLACEHOLDER = {
    "info": {"name": "hypothetical-cli-tool", "summary": "", "home_page": "",
             "project_urls": None},
    "releases": {
        "0.0.1": [{"packagetype": "sdist", "size": 1_100,
                   "upload_time_iso_8601": "2025-06-30T11:02:00Z"}],
    },
}

if __name__ == "__main__":
    for label, meta in (("maintained", MAINTAINED), ("placeholder", PLACEHOLDER)):
        print(label, vet(meta, NOW), looks_like_placeholder(meta, NOW))
```

If the JSON fetch for a suggested name returns 404, the package simply does not exist; in the slopsquatting scenario that is the safe outcome, and the dangerous one is a name that resolves to a project exhibiting the warnings above.
<test>
assert vet(MAINTAINED, NOW) == []
assert looks_like_placeholder(MAINTAINED, NOW) is False
w = vet(PLACEHOLDER, NOW)
assert len(w) == 5
assert "only one release" in w
assert any("placeholder" in x for x in w)
assert any("14 days" in x for x in w)
assert "empty summary" in w
assert looks_like_placeholder(PLACEHOLDER, NOW) is True
assert "no distribution files at all" in vet({"info": {}, "releases": {}}, NOW)
</test>
</gr_insert>
<gr_replace lines="19" cat="clarify" orig="As the ecosystem">
As the ecosystem grapples with increasingly sophisticated threats, often amplified by AI-generated output, the need for both manual oversight and robust technical defenses has never been more apparent.
The incident serves as a cautionary tale about blindly installing packages on the advice of automated systems or unfamiliar sources.
As the ecosystem grapples with increasingly sophisticated threats often amplified by AI-generated output the need for both manual oversight and robust technical defenses has never been more apparent.