Open Source

30757 readers

479 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

Malicious Go Binary Delivered via Steganography in PyPI (blog.phylum.io)

submitted 5 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 5 months ago (1 children)

It is not steganography. It's just cat original.png trojan > malicious.png.

[–] [email protected] 2 points 5 months ago

See? Hidden in an image, clearly that's steganography! /s

[–] [email protected] 1 points 5 months ago

Very cool trick. I've never been comfortable with how Python package installation is effectively arbitrary code execution. It's also a nice reminder that installing packages into a Docker environment is generally safer than going bare ~~back~~ metal.