63

Malicious Go Binary Delivered via Steganography in PyPI (blog.phylum.io)

submitted 1 month ago by Danterious@lemmy.dbzer0.com to c/opensource@lemmy.ml

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[-] danielquinn@lemmy.ca 17 points 1 month ago

Very cool trick. I've never been comfortable with how Python package installation is effectively arbitrary code execution. It's also a nice reminder that installing packages into a Docker environment is generally safer than going bare ~~back~~ metal.

[-] bizdelnick@lemmy.ml 9 points 1 month ago

It is not steganography. It's just cat original.png trojan > malicious.png.

[-] Markaos@lemmy.one 7 points 1 month ago

See? Hidden in an image, clearly that's steganography! /s

this post was submitted on 14 May 2024

63 points (97.0% liked)

Open Source

28889 readers

162 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago

MODERATORS

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml