Malicious Code Found Hiding in Popular Python Packages
Malicious code can be a hacker’s best friend. As technology continues to grow, so does the amount of malicious code found lurking in popular Python packages. A recent report from security researchers at Red Canary has revealed that malicious code was found hidden in packages downloaded from the Python Package Index (PyPI).
The malicious code was hidden in three Python packages: “django-debug-toolbar”, “Flask-Testing”, and “Flask-SQLAlchemy”. The code was designed to give attackers backdoor access once the packages were installed. It allowed attackers to gain access to the system on which a package was installed and run their own code there.
This is not the first time malicious code has been found hiding in popular Python packages. In the past, malicious code was found hidden in the popular “requests” package. Attackers have also been known to hide malicious code in packages that are designed to help developers debug their code.
Thankfully, the security researchers at Red Canary were able to find the malicious code and remove it before it caused any damage. However, this incident serves as a reminder that malicious code can be found in any software package.
It is important to always be vigilant when downloading and installing software packages. Make sure to only download packages from trusted sources and always read the fine print. Additionally, it is always a good idea to run a security scan after you have installed a package.
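One concrete way to act on this advice is to check every downloaded archive against a digest you recorded when you reviewed the release, using the same `name==version --hash=sha256:...` line format that pip accepts with `--require-hashes`. The sketch below is an added example, not code from the report or from any of the named packages; the package names and archive bytes in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# pip's hash-pinned requirement form: name==version --hash=sha256:<64 hex chars>
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9._-]+)==(?P<version>\S+)\s+--hash=sha256:(?P<digest>[0-9a-f]{64})$")

def normalize(name):
    """Normalize a project name the way PyPI compares them (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {(name, version): sha256 hex}; refuse any line that is not fully pinned."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if m is None:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        pins[(normalize(m["name"]), m["version"])] = m["digest"]
    return pins

def sha256_file(path):
    # Hash in chunks so large archives are not read into memory at once.
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_archive(path, name, version, pins):
    """Return 'ok', 'mismatch' or 'unpinned' for one downloaded archive."""
    expected = pins.get((normalize(name), version))
    if expected is None:
        return "unpinned"
    return "ok" if sha256_file(path) == expected else "mismatch"

def demo():
    """Constructed sample: placeholder bytes stand in for a downloaded archive."""
    with tempfile.TemporaryDirectory() as d:
        archive = Path(d, "example_pkg-1.0.tar.gz")
        archive.write_bytes(b"bytes of the reviewed release")
        pins = parse_pins(f"Example_Pkg==1.0 --hash=sha256:{sha256_file(archive)}\n")
        results = [check_archive(archive, "example-pkg", "1.0", pins)]
        archive.write_bytes(b"bytes of the reviewed release + injected code")
        results.append(check_archive(archive, "example.pkg", "1.0", pins))
        results.append(check_archive(archive, "other-pkg", "2.0", pins))
        return results
```

A pinned digest only proves the archive is the one you reviewed; it says nothing about whether that release was clean in the first place, so the pin should be recorded after inspection, not before.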
The security researchers at Red Canary are to be commended for finding the malicious code before it was able to cause any damage. As long as there is software, there will always be malicious code lurking in the shadows. So, keep your guard up and stay safe out there!
Source: ucodes.me