Malicious PyPI Packages Using Compiled Python Code to Bypass Detection

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. “It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,” ReversingLabs analyst Karlo ZankiĀ saidĀ in a report shared with The Hacker News.
The package

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter