October 20, 2018

Malicious Modules Found in Python Repository

  • September 18, 2017
  • By Developer.com Staff

Slovakia's National Security Authority is warning that the Python Package Index (PyPI) has been serving malicious code packages. Since June, the official Python repository has included modified code packages with names very similar to the standard code packages. The modified code packages have slightly different installation scripts which contain "malicious (but relatively benign) code."

"Such packages may have been downloaded by unwitting developer[s] or administrator[s] by various means, including the popular 'pip' utility (pip install urllib)," the Slovak authorities warned. "There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017."

In response, PyPI has issued a statement which says, in part, "Since the publishing of the announcement we've received many suggestions for how to prevent this sort of attack in the future. We're considering all of the options and nothing is off the table, but we caution that any solution will take time to implement." The statement also noted that PyPI is run by volunteers and does not have any full-time staff.
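The following is an added example, not code from the article, the Slovak advisory or PyPI: a defender-side check that flags requirement names that collide with a standard-library module name (as in `pip install urllib`) or closely resemble an approved package. The allowlist, the sample requirement lines and the 0.85 similarity cutoff are assumptions chosen for illustration.

```python
import difflib
import re
import sys

# Assumption: the packages this (hypothetical) project has reviewed and intends to use.
APPROVED = {"urllib3", "requests", "setuptools", "cryptography"}

# Standard-library module names (Python 3.10+), with a short fallback for older versions.
STDLIB = set(getattr(sys, "stdlib_module_names", ("urllib", "json", "os")))

def normalize(name):
    """Normalize a project name the way PyPI does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Extract the normalized project name from one requirements-file line."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):      # blank, comment or pip option line
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def classify(name, approved=APPROVED, cutoff=0.85):
    """Return 'ok', 'stdlib-name', 'lookalike:<pkg>' or 'unreviewed'."""
    name = normalize(name)
    approved = sorted(normalize(p) for p in approved)
    if name in approved:
        return "ok"
    if name.replace("-", "_") in STDLIB:
        # The standard library is not installed from PyPI, so a package
        # with a stdlib module's name deserves a manual look.
        return "stdlib-name"
    close = difflib.get_close_matches(name, approved, n=1, cutoff=cutoff)
    return "lookalike:" + close[0] if close else "unreviewed"

def audit(lines):
    """Return (name, verdict) for every requirement that is not approved."""
    names = filter(None, (requirement_name(l) for l in lines))
    return [(n, v) for n in names if (v := classify(n)) != "ok"]

# Constructed sample requirements file.
SAMPLE = ["requests==2.31.0", "urllib  # name used in the warning",
          "urlib3>=1.0", "Setup_Tools", "internal-tool", "-r other.txt"]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name}: {verdict}")
```

Run against a real requirements file before installation; anything other than an approved name is held for review rather than installed.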
