
Massive Malicious Activity on PyPI Linked to inbox.ru Email Addresses, Prompting Immediate Blockade
In June 2025, developers at the Python Package Index (PyPI) identified a significant surge in malicious activities originating from email addresses associated with the inbox.ru domain. This discovery prompted an immediate blockade on new registrations and package submissions from these accounts. Subsequent investigations revealed that these actions were orchestrated by cybersecurity professionals from Mail.ru (VK), the parent company of inbox.ru.
PyPI serves as a vital repository for Python packages, playing a crucial role in the software supply chain. The detection of malicious activities linked to inbox.ru email addresses underscores the persistent threat of supply chain attacks within open-source ecosystems. Techniques such as typosquatting and slopsquatting are commonly employed in such scenarios, where attackers create deceptive package names or domains to mislead users into downloading malicious software.
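As an added example (not PyPI's tooling and not code from the original article), here is a defender-side check for the deceptive package names described above: it normalizes each requirement name per PEP 503 and flags names within a small edit distance of a dependency the project actually expects. The allowlist, the sample requirement lines and the distance threshold are constructed assumptions.

```python
import re

# Constructed allowlist: packages this hypothetical project intends to depend on.
EXPECTED = {"requests", "numpy", "python-dateutil", "cryptography"}
# Constructed sample requirement lines, including two near-miss names.
SAMPLE = ["requests==2.32.3", "reqeusts>=2.0", "Python_DateUtil", "nunpy", "flask"]

def normalize(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' are equivalent, case is ignored."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def review(requirements, expected=EXPECTED, max_dist=2):
    """Map each requirement line to 'ok', 'lookalike of <name>' or 'unknown'."""
    known = {normalize(n) for n in expected}
    verdicts = {}
    for raw in requirements:
        # Keep only the project name: cut at version specifiers, extras, markers.
        name = normalize(re.split(r"[\s<>=!~;\[]", raw.strip(), maxsplit=1)[0])
        if name in known:
            verdicts[raw] = "ok"
            continue
        dist, closest = min((osa_distance(name, k), k) for k in known)
        # 'unknown' is not a pass: it is a name nobody has vetted yet.
        verdicts[raw] = f"lookalike of {closest}" if dist <= max_dist else "unknown"
    return verdicts

if __name__ == "__main__":
    for line, verdict in review(SAMPLE).items():
        print(f"{line:20} {verdict}")
```

A check like this belongs in CI before dependency installation, so a lookalike name fails the build instead of being fetched.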
The involvement of Mail.ru's security specialists introduces an intriguing dimension to this incident. It remains unclear whether these specialists were instrumental in detecting and mitigating the threat or if they were implicated in the malicious activities themselves. Nevertheless, their involvement highlights the critical role of internal security teams in identifying and addressing cyber threats.
The immediate blocking of new registrations and additions from inbox.ru accounts signifies the severity of the threat and the necessity for swift action to prevent further compromise. This incident underscores the importance of robust monitoring and security measures within package repositories to safeguard against supply chain attacks.
From a broader cybersecurity perspective, this event serves as a stark reminder of the vulnerabilities inherent in open-source ecosystems. Developers and organizations must remain vigilant and implement stringent security protocols to mitigate the risks associated with such threats. The collaboration between repository maintainers and internal security teams is paramount in ensuring the integrity and security of the software supply chain.