
Old Python package comes back to life and delivers malicious payload
2022-05-26 13:40

Python packages are generally updated often as their developers add new functionality or features, fix bugs or improve stability.

An old Python package named "ctx", not updated since 2014, suddenly came back to life with new releases.

Python packages can be updated very easily from the command line with the "pip" command.

The original ctx package stopped being updated in December 2014 with version 0.1.2.

This allowed the attacker to re-create the same email address, perform a password reset and take full control of the package repository, then push malicious code.

Even if an attacker obtains valid credentials for package maintenance, with MFA enabled they would be unable to push malicious content to the repository.


News URL

https://www.techrepublic.com/article/old-python-package-delivers-malicious-payload/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 24 2 52 74 31 159