Two malicious Python libraries caught stealing SSH and GPG keys
One library was available for only two days, but the second was live for nearly a year.
The #Python #security #team removed two #trojanized #Python #libraries from #PyPI (Python Package Index) that were caught #stealing #SSH and #GPG keys from the projects of infected developers.
The two libraries were created by the same #developer and mimicked other, more popular libraries, using a technique called #typosquatting to register similar-looking names.
The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library.
The two malicious clones were discovered on Sunday, December 1, by German software developer Lukas Martini. Both libraries were removed on the same day after Martini notified dateutil developers and the PyPI security team.
While python3-dateutil was created and uploaded to PyPI two days earlier, on November 29, the jeIlyfish library had been available for nearly a year, since December 11, 2018.
👉🏼 Read more:
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
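A defensive check for the two naming tricks described in the post above, as an added example that is not part of the original post or of any PyPI tooling. The allowlist, the confusable-character table, the affix pattern and the sample requirements are assumptions constructed for illustration.

```python
import re

# Assumption: the project's own allowlist of intended dependencies.
# dateutil is published on PyPI under the name python-dateutil.
KNOWN_GOOD = ("jellyfish", "python-dateutil", "requests")

# Look-alike characters folded to one representative before lowercasing,
# so the capital I in "jeIlyfish" collapses onto the l in "jellyfish".
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})
# Interpreter-style decorations wrapped around a real name ("python3-").
AFFIXES = re.compile(r"^(python[23]?|py[23]?)[-_.]?|[-_.]?(python[23]?|py[23]?)$")

def normalize(name):
    """Case and separator folding in the style of PEP 503."""
    return re.sub(r"[-_.]+", "-", name.lower())

def skeleton(name):
    """Normalized name after folding look-alike characters."""
    return normalize(name.translate(CONFUSABLES))

def core(name):
    """Skeleton with python/py prefixes and suffixes stripped."""
    return AFFIXES.sub("", skeleton(name))

def check(name, known=KNOWN_GOOD):
    """None if allowlisted; else the known name it imitates, or '' if none."""
    if normalize(name) in {normalize(k) for k in known}:
        return None
    for k in known:
        if skeleton(name) == skeleton(k) or (core(name) and core(name) == core(k)):
            return k
    return ""

# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
requests>=2.0
jeIlyfish
python3-dateutil
python-dateutil>=2.8
leftpad-utils
"""

def audit(text, known=KNOWN_GOOD):
    """Map each non-allowlisted requirement to the name it resembles."""
    findings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m and (hit := check(m.group(1), known)) is not None:
            findings[m.group(1)] = hit or "not on allowlist"
    return findings

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg}: {verdict}")
```

The look-alike fold has to run before lowercasing: index-style normalization alone turns "jeIlyfish" into "jeilyfish", which is a different name from "jellyfish" and therefore registrable.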
The Hitchhiker’s Guide to Python!
Greetings, Earthling! Welcome to The Hitchhiker’s Guide to Python.
This is a living, breathing guide. If you’d like to contribute, fork us on GitHub!
This handcrafted guide exists to provide both novice and expert Python developers a best practice handbook for the installation, configuration, and usage of Python on a daily basis.
This guide is opinionated in a way that is almost, but not quite, entirely unlike Python’s official documentation. You won’t find a list of every Python web framework available here. Rather, you’ll find a nice concise list of highly recommended options.
https://docs.python-guide.org/
https://github.com/realpython/python-guide
#python #guide #handbook
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Decompiling Python Compiled Malware
Threat Researcher Charles Lomboni (@charleslomboni) gives a step-by-step guide to identifying and decompiling malware written and compiled with Py2Exe, a Python Windows executable generator.
Charles also shows how to create a YARA rule to match the binary and how to confirm that the rule catches it.
https://www.youtube.com/watch?v=2ahorISQcjo
#video #python #malware
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv