Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
PyPI Feature Executes Code Automatically After Python Package Download
Malware and Vulnerabilities
September 02, 2022
The Hacker News
While threat actors have resorted to incorporating malicious code in the setup.py file, Checkmarx found that adversaries could achieve the same goals by running what's called a "pip download" command.
Read More
PyPI packages
Python Package Index (PyPI)
Supply Chain Attack
Code Execution Exploit
malicious code
Publisher
Previous
HelpSystems Acquires Outflank
Companies to Watch
Next
BumbleBee, a New Modular Backdoor Evolved From BookWorm
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock_000068852897_Medium.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/5bfd_shutterstock_2010157400.jpg)
