• Daniel Quinn@lemmy.ca
    link
    fedilink
    English
    arrow-up
    18
    ·
    6 months ago

    Very cool trick. I’ve never been comfortable with how Python package installation is effectively arbitrary code execution. It’s also a nice reminder that installing packages into a Docker environment is generally safer than going bare back metal.

  • bizdelnick
    link
    fedilink
    arrow-up
    10
    ·
    6 months ago

    It is not steganography. It’s just cat original.png trojan > malicious.png.