
Malicious Modules Found in Python Repository

  • September 18, 2017
  • By Developer.com Staff

Slovakia's National Security Authority is warning that the Python Package Index (PyPI) has been serving malicious code packages. Since June, the official Python repository has included modified code packages with names very similar to the standard code packages. The modified code packages have slightly different installation scripts which contain "malicious (but relatively benign) code."

"Such packages may have been downloaded by unwitting developer[s] or administrator[s] by various means, including the popular 'pip' utility (pip install urllib)," the Slovak authorities warned. "There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017."

In response, PyPI has issued a statement which says, in part, "Since the publishing of the announcement we've received many suggestions for how to prevent this sort of attack in the future. We're considering all of the options and nothing is off the table, but we caution that any solution will take time to implement." The statement also noted that PyPI is run by volunteers and does not have any full-time staff.
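A defensive check for the look-alike names described above, added here as an example and not taken from the advisory or from PyPI: it audits requirement names against a reviewed allowlist and flags both standard-library names requested from the index (the advisory's `urllib` case) and near-misses of approved packages. The allowlist, the sample requirements and the 0.8 similarity cutoff are constructed assumptions.

```python
import difflib
import re
import sys

# Constructed allowlist: packages this (hypothetical) team has reviewed.
APPROVED = {"urllib3", "requests", "setuptools", "cryptography", "python-dateutil"}

# Standard-library module names. A PyPI distribution using one of these names
# (such as the "urllib" in the advisory's example) is never the real module.
STDLIB = set(getattr(sys, "stdlib_module_names", ())) | {"urllib", "json", "os"}


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of -_. treated as one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def classify(name):
    """Return 'ok', 'stdlib-name', 'lookalike:<approved>' or 'unreviewed'."""
    n = normalize(name)
    if n in APPROVED:
        return "ok"
    if n.replace("-", "_") in STDLIB:
        return "stdlib-name"
    # Similarity cutoff is an assumption; tune it against your own allowlist.
    close = difflib.get_close_matches(n, sorted(APPROVED), n=1, cutoff=0.8)
    return "lookalike:" + close[0] if close else "unreviewed"


def audit(requirement_lines):
    """Return (name, verdict) for every requirement that is not approved."""
    findings = []
    for line in requirement_lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and classify(m.group(0)) != "ok":
            findings.append((m.group(0), classify(m.group(0))))
    return findings


# Constructed requirements file contents.
SAMPLE = ["requests==2.18.4", "urllib", "urlib3>=1.22", "setup-tools", "# comment", "flask"]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name}: {verdict}")
```

Run against a requirements file in CI, any verdict other than `ok` is a prompt for a human to confirm the exact package name before it is installed.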
