this post was submitted on 14 May 2024

1 points (100.0% liked)

Open Source

31031 readers

809 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

1

Malicious Go Binary Delivered via Steganography in PyPI (blog.phylum.io)

submitted 5 months ago by Danterious@lemmy.dbzer0.com to c/opensource@lemmy.ml

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] danielquinn@lemmy.ca 1 points 5 months ago

Very cool trick. I've never been comfortable with how Python package installation is effectively arbitrary code execution. It's also a nice reminder that installing packages into a Docker environment is generally safer than going bare ~~back~~ metal.

[–] bizdelnick@lemmy.ml 1 points 5 months ago (1 children)

It is not steganography. It's just cat original.png trojan > malicious.png.

[–] Markaos@lemmy.one 1 points 5 months ago

See? Hidden in an image, clearly that's steganography! /s