PyPI, the official repository for Python software packages, is under attack by threat actors who have started flooding it with spam packages, according to a new report from BleepingComputer. These spam packages use a naming style commonly associated with torrents and other pirated online content: each package name contains a movie title, the current year, and words such as "online" and "free", for example "watch-army-of-the-dead-2021-full-online-movie-free-hd-quality".

Sonatype senior software engineer Adam Boesch first discovered the suspicious packages when he found a PyPI component bearing the name of a popular TV show. Boesch provided additional details about his discovery in an interview with BleepingComputer, saying: "I was browsing the dataset and noticed 'wandavision', which is a bit strange for a package name. Upon closer inspection, I found this package and got it. I looked up PyPI because I didn't think so. This is not uncommon in other ecosystems like npm, where there are millions of packages. Fortunately, packages like these are fairly easy to spot and avoid."
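The naming pattern described above (a hyphenated title, a four-digit year, and filler words such as "watch", "full", "online", "movie", "free", "hd") is regular enough to flag mechanically. The following Python heuristic is an added example written for this page; it is not Sonatype's or BleepingComputer's code, and the word list, threshold and sample package names (apart from the one name quoted in the article) are constructed assumptions, not data from PyPI.

```python
import re

# Filler words that recur in torrent-style spam package names. This list is an
# assumption chosen for illustration, not a published detection signature.
SPAM_WORDS = {
    "watch", "full", "online", "movie", "free", "hd", "quality",
    "stream", "streaming", "download",
}
# A four-digit year such as the "2021" in the article's example name.
YEAR_RE = re.compile(r"^(19|20)\d{2}$")


def normalize(name: str) -> str:
    """Apply PyPI's name normalization (PEP 503): case-insensitive, and runs of
    '-', '_' and '.' are all equivalent to a single hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


def spam_score(name: str) -> int:
    """Count filler words in the name, plus one if a year token is present."""
    tokens = normalize(name).split("-")
    score = sum(1 for t in tokens if t in SPAM_WORDS)
    if any(YEAR_RE.match(t) for t in tokens):
        score += 1
    return score


def is_torrent_style_name(name: str, threshold: int = 3) -> bool:
    """Flag a name once it accumulates enough spam signals. The threshold is an
    assumed tuning value; raise it to reduce false positives."""
    return spam_score(name) >= threshold


def flag_spam(names):
    """Return the subset of names that match the torrent-style heuristic."""
    return [n for n in names if is_torrent_style_name(n)]


# Constructed sample input. The first name is the one quoted in the article;
# the others are made up to exercise normalization and the threshold.
SAMPLE_NAMES = [
    "watch-army-of-the-dead-2021-full-online-movie-free-hd-quality",
    "requests",
    "numpy",
    "watch_loki_2021_episode_online_free",  # underscores normalize to hyphens
    "free-online-2021",                      # borderline: exactly at threshold
    "pyyaml",
]

if __name__ == "__main__":
    for n in flag_spam(SAMPLE_NAMES):
        print(f"{n}: score={spam_score(n)}")
```

Note the caveat the article itself points to: a single-word name such as "wandavision" carries none of these filler words and scores zero here, so this heuristic only catches the long torrent-style names; catching a bare title needs a different signal (for example, matching the name against a list of current show and film titles) rather than a word count.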