PyPI, the official repository for Python packages, recently announced that it has suspended new user and new project registrations. This announcement might be related to an interesting attack that shows how a seemingly harmless Python script can hide a malicious payload that can compromise a user’s system. The attacker can trick the user into thinking that they are installing a legitimate Python package while, in fact, they are downloading and executing an arbitrary executable file from a remote server. This is just the latest in an ongoing string of malicious packages discovered in open-source code that have created vulnerabilities […]
The post PyPI Suspends New Registrations After Malicious Python Script Attack appeared first on Check Point Blog.