On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into
  • Daniel Quinn@lemmy.caEnglish
    18·
    5 months ago

    Very cool trick. I’ve never been comfortable with how Python package installation is effectively arbitrary code execution. It’s also a nice reminder that installing packages into a Docker environment is generally safer than going bare back metal.

  • bizdelnick
    10·
    5 months ago

    It is not steganography. It’s just cat original.png trojan > malicious.png.