Hello Grokking Python readers, and happy Thursday!

August was quite a month for people in the Python and cybersecurity communities, so let’s dive right in.

PyPi phishing campaign and malware attack

Recent Python malware attacks used "typosquatting" to put thousands of developers at risk

PyPI published a Twitter thread reporting the details of a recent phishing campaign that used typosquatting to target its users. Reports of new malicious releases are currently under review.

Python Package Index @pypi

Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI. We’re publishing the details here to raise awareness of what is likely an ongoing threat.

2:10 PM ∙ Aug 24, 2022

---

375Likes314Retweets

If you believe you may have entered your credentials on a phishing site, make sure to:

1. Reset your password

2. Reset your 2FA recovery codes

3. Review your PyPI account for suspicious activity

What is typosquatting?

Typosquatting is a type of cyberattack in which hackers register domain names that are similar to popular website names, in the hope that users will mistype the name of the site and be redirected to the malicious site. This can lead to users inadvertently downloading malware or revealing personal information to the hackers.

Unsurprisingly, this method can also be used to deceive developers into downloading what they believe are popular Python packages. In fact, this is exactly what happened in July 2020, when the malicious Python "request" package was downloaded over 10,000 times by people who believed they were downloading the "requests" package.

A similar technique called StarJacking falsifies the GitHub Stars statistics for a package to make it appear popular. According to Checkmarx, an application security testing company, PyPi is one of the package managers where developers are especially vulnerable to both of these techniques.

As a final note, please remember to be aware of the risks that come with downloading and using packages as dependencies in your projects. Err on the side of caution, and always double-check your package names.

Python seizes the No. 1 spot on the TIOBE index for August 2022

The TIOBE Programming Community index is an indicator of the popularity of programming languages, and it’s indicating that Python is more popular than ever.

Python took first place on the TIOBE index for August with a +2% increase in popularity this month, and now represents 15.42% of the total index. This makes Python the most popular programming language in the world!

RStudio's Shiny for Python enters into Alpha

RStudio, a popular development environment for the R programming language, has announced the alpha release of its new Shiny for Python package. Shiny is a web application framework that allows Python developers to create interactive web applications without having to learn any web development skills.

If you're interested in testing it out or providing feedback, you'll be thrilled to know that you can learn Shiny completely within the browser, with no installation required!

Upcoming conferences

• EuroSciPy 2022 is just around the corner! The 14th annual European Conference on Python in Science will run from Aug. 29 through Sept. 2. Be sure to check it out if you're interested in using Python in scientific research.

• DjangoCon Europe 2022 will be running from Sept. 21-25. Be sure to grab your tickets while they're still available! A limited quantity is left.

• PyBay 2022: Food Truck Edition is coming to San Francisco and online for its 7th annual Python conference. There's a lineup of 25 speakers, and you can check out the full list on their website. If you're attending in person, you'll get to enjoy samples from nearly 20 food trucks, network with hiring companies, and listen to live music!

New Python courses on Educative

To end this month's update on a bright note, here are a couple of the latest Python courses to drop on Educative!

Handling Financial Services with Square API in Python

Want to build a strong foundation in using Square APIs for business applications but don't know where to start? This is a great course for beginners who want to learn how to accept payments securely, intermediate learners who want to explore Square API in more detail, and professionals who want to integrate Square API into their next project.

Note: This course is available for free!

In under 2 hours, you can:

• Get familiarized with various Square APIs for business operations

• Get a working knowledge of order creation and retrieval mechanisms using Square API

• Learn how to generate and update invoices attached to order records using Square API

• Learn how to make, record, and refund payments using Square API

• Get hands-on experience integrating Square business and payment functions into a Django application using Square APIs

Prerequisites: A basic understanding of APIs and some fundamental knowledge of the Python programming language.

Build a REST API using Python and deploy it to Microsoft Azure

If you have more experience under your belt and want to learn how to build your own web APIs, then check out this course. You'll start from the basics of using REST API, move on to the framework for developing APIs in Python, and then build some neat projects to deploy on Microsoft Azure.

Note: This is a paid course, but you can try it by signing up for a free seven-day trial!

In under 3 hours, you will:

• Understand the concept of an API

• Learn about the FastAPI Python web framework

• Learn to implement Optical Character Recognition

• Learn and understand different services provided by Azure

• Get familiarized with Git and GitHub

• Build and Deploy an API to Microsoft Azure App Services

Prerequisites: Basic understanding of Python, logging, and programming concepts.

That’s it for now! We’ll be back next month with another recap, so stay tuned for more updates and news in the Python community.

As always, happy learning!