
Malicious Libraries Found on Python Package Index (PyPI)


If you get Python packages from the Python Package Index, you'll want to read this news. Have you been affected?

· Security Zone ·

Malicious code has been found on the Python Package Index (PyPI), the most popular location for sharing Python packages. This was reported by the Slovak National Security Office and was then picked up by Bleeping Computer, among other places (e.g., Reddit). The attack vector was typosquatting: someone uploads a package whose name is a misspelling of a popular package, for example, lmxl instead of lxml, and waits for developers to install it by mistake. Because pip executes a package's setup.py at install time, code in a typosquatted package runs the moment the mistyped name is installed, whether or not the module is ever imported.

You can see the original report from Slovak National Security Office here: http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
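The simplest defence against the typosquatting described above is to check the names you are about to install against the names you meant. The script below is an added example, not code from the DZone post or from the advisory: it reads a requirements file and flags any name that is one edit away (an inserted, deleted or substituted character, or an adjacent swap such as lmxl for lxml) from a well-known package without being that package. The POPULAR allowlist and the sample requirements are constructed for illustration; a real check would use your own allowlist or PyPI download statistics.

```python
"""Flag likely typosquats in a requirements file (added example, not the
post's or the advisory's code). The POPULAR list and SAMPLE_REQUIREMENTS
below are constructed for illustration."""
import re

# Constructed allowlist of well-known package names (illustrative only).
POPULAR = ["lxml", "requests", "urllib3", "numpy", "setuptools", "six", "django"]

# Constructed sample requirements.txt: two typosquats among legitimate pins.
SAMPLE_REQUIREMENTS = """\
# constructed sample
lmxl==4.2.5
requests>=2.18
urlib3
numpy==1.13.1
six
Django>=1.11
"""


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' or '.' become '-'.
    pip applies the same rule, so 'Django' and 'django' name the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(line):
    """Return the project name from one requirements line, or None for
    blank lines, comments and pip option lines such as '-r other.txt'."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith("-"):
        return None
    # Cut at the first extras bracket, version operator, marker or comment.
    return re.split(r"[\[<>=!~;\s#]", line, maxsplit=1)[0]


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein edits plus a swap of
    two adjacent characters counted as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def find_typosquats(requirements_text, popular=POPULAR, max_distance=1):
    """Return [(requested_name, closest_popular_name)] for every requirement
    that is within max_distance edits of a popular package but is not that
    package itself (after normalization)."""
    allow = {normalize(p) for p in popular}
    hits = []
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name is None:
            continue
        norm = normalize(name)
        if norm in allow:
            continue  # exact normalized match with a known package
        close = [p for p in allow if osa_distance(norm, p) <= max_distance]
        if close:
            hits.append((name, min(close, key=lambda p: osa_distance(norm, p))))
    return hits


if __name__ == "__main__":
    for requested, target in find_typosquats(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {requested!r} is within one edit of {target!r}")
```

Run it before `pip install -r requirements.txt`, or wire it into CI; a hit is a prompt for a human to confirm the intended package, not an automatic block, because two legitimate projects can also sit one edit apart. Note that the check only covers misspellings of names you list as popular; a squat on the name of a standard-library module, which pip will happily install because no such project exists on PyPI, needs a separate allowlist of module names.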

I saw this vector discussed last August in a blog post that a lot of people seemed to think little of at the time. It's interesting that people are now getting a lot more excited about the issue.

This also reminded me of the controversy over a startup called Kite, which inserted adware/spyware into editor plugins such as the autocomplete-python package for Atom.

Packaging in Python needs some help. I like how much better it is now than it was 10 years ago, but there are still a lot of issues.


Topics:
python ,package ,malware ,security

Published at DZone with permission of
