Python Package Installation Can Trigger Malicious Code
Python is an interpreted high-level programming language for general-purpose programming. Created by Guido van Rossum and first released in 1991, Python has a design philosophy that emphasizes code readability, notably using significant whitespace. It provides constructs that enable clear programming on both small and large scales. In July 2018, Van Rossum stepped down as the leader of the language community after nearly three decades at its head.
Python features a dynamic type system and automatic memory management. It supports multiple programming paradigms, including object-oriented, imperative, functional and procedural, and has a large and comprehensive standard library.
Code running on a machine is nothing unusual in itself. What matters from a security standpoint is when that code runs, and whether the user expects it to run at that moment.
Python lets you install third-party packages and import them to extend your programs. When the program runs, the code in those packages runs too, as anyone would expect. Less well known is that code can also execute during the installation of the package itself, before any of it has been imported.
A researcher going by the handle mschwager on GitHub demonstrated an attack method that abuses the ‘setup.py’ file of a Python package to execute code at the moment the package is installed.
Using this method, an attacker can place malicious code in a package that runs with whatever privileges pip itself was given. When a user installs with sudo, or as root on a server or inside a container, that means root, even though few packages actually need that level of permission to install.
Installation file allows sneaky malware deployment
Python packages are typically installed with the package manager ‘pip’. For a package distributed as a source archive, pip runs the ‘setup.py’ file that the package author ships for installation purposes. This file usually receives little attention: it exists only to get the package onto the user's machine, and users rarely read it before installing. (Packages distributed as prebuilt wheels are unpacked without running setup.py, which is why this attack targets source distributions.)
The package's own modules, on the other hand, tend to be examined more closely, since that is the code that will be imported and run inside a program. Malicious code placed there is therefore more likely to be noticed, while the same code in setup.py is not.
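To make the mechanism concrete, here is an added example of a setup.py (written for this page, not mschwager's project and not code from the article) whose module-level code runs every time pip executes the file while installing the source distribution. The payload is deliberately harmless: it only records who it ran as and where, and drops a marker file. The package name and the marker file name are assumptions chosen for the example.

```python
"""setup.py: added example, not mschwager's code and not from the article.

Anything at module level in this file runs whenever pip executes it. For a
source distribution that happens during `pip install`, before the user has
imported a single module from the package. The 'payload' only observes the
environment it was handed and writes a marker file.
"""
import getpass
import json
import os
import sys
import tempfile
from pathlib import Path


def install_time_hook(record_dir=None):
    """Observe the context pip gives setup.py and write it to a marker file.

    Returns the observations as a dict so the effect can be checked
    independently of where the marker file is written.
    """
    euid = os.geteuid() if hasattr(os, "geteuid") else None  # no euid on Windows
    try:
        user = getpass.getuser()
    except Exception:  # no passwd entry in a minimal container
        user = "unknown"
    info = {
        "user": user,
        "euid": euid,
        "running_as_root": euid == 0,   # True after `sudo pip install ...`
        "python": sys.executable,       # the interpreter pip is installing into
        "cwd": os.getcwd(),             # pip's temporary build directory
        "argv": sys.argv[1:],           # pip's own command, e.g. ['egg_info', ...]
    }
    # Marker file name is an assumption for this example.
    marker = Path(record_dir or tempfile.gettempdir()) / "setup-py-hook-ran.json"
    marker.write_text(json.dumps(info, indent=2))
    info["marker_path"] = str(marker)
    return info


if __name__ == "__main__":
    # Runs for `python setup.py sdist` and again for every setup.py invocation
    # pip makes while installing the resulting tarball.
    install_time_hook()
    from setuptools import setup

    setup(name="demo-install-hook", version="0.0.1", py_modules=[])
```

Build the archive with `python setup.py sdist`, then in a fresh virtualenv run `pip install dist/*.tar.gz` and read the marker file in the temp directory: it will show the build directory pip used and the user pip ran as. Two practical consequences follow. `pip install --only-binary :all: PACKAGE` refuses source distributions altogether, so no setup.py runs at all, and `pip download --no-binary :all: --no-deps PACKAGE` fetches the source archive without executing it, so setup.py can be read before it is ever run.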
Malicious modules in official Python repository
Malicious libraries are not uncommon in package repositories. In 2017, researchers discovered ten of them in PyPI, the official repository of third-party Python packages.
The malicious developers uploaded their libraries under names resembling those of legitimate modules, so that users who mistyped a package name downloaded the impostor instead.
The attack worked because users trusted the name they typed and did not check the spelling, let alone read the code. Uploading the malicious packages was possible because the repository performed no security screening of the content added to its index.
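The two weaknesses described on this page, an unread setup.py and a misspelled package name, can both be checked before pip is ever allowed to run anything. The following is an added example written for this page (not the researchers' tooling and not the article's code): it resolves import aliases so that `import subprocess as sp` or `from os import system` cannot hide a call, flags risky calls and a custom `cmdclass` install hook in a setup.py, and compares the requested name against a list of popular packages. The `KNOWN_PACKAGES` list, the `RISKY_CALLS` set and the `SUSPICIOUS_SETUP_PY` sample are constructed for the example; a real check would take the name list from PyPI download statistics.

```python
import ast
import difflib

# Constructed for this example: stands in for the popular-package list a real
# check would pull from PyPI download statistics.
KNOWN_PACKAGES = [
    "requests", "urllib3", "setuptools", "numpy", "django",
    "flask", "boto3", "cryptography", "pyyaml", "six",
]

# Calls that have no business in a setup.py, written as full dotted paths.
RISKY_CALLS = {
    "os.system", "os.popen", "subprocess.run", "subprocess.call",
    "subprocess.Popen", "subprocess.check_output", "subprocess.check_call",
    "urllib.request.urlopen", "socket.socket", "base64.b64decode",
    "ctypes.CDLL", "exec", "eval", "compile",
}

# Constructed sample of a setup.py with an install hook (harmless commands).
SUSPICIOUS_SETUP_PY = '''\
import base64, subprocess as sp
from os import system
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        sp.Popen(["sh", "-c", base64.b64decode("ZWNobyBoaQ==").decode()])
        system("id > /tmp/who")

setup(name="reqeusts", version="1.0", cmdclass={"install": PostInstall})
'''


def typosquat_candidates(requested, known=KNOWN_PACKAGES, cutoff=0.8):
    """Known names close to, but not equal to, the requested one.

    A non-empty result means the typed name may be a misspelling of a
    popular package, the confusion the 2017 PyPI uploads relied on.
    """
    name = requested.lower().replace("_", "-")
    if name in known:
        return []
    return difflib.get_close_matches(name, known, n=3, cutoff=cutoff)


def _dotted_name(node):
    """'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def audit_setup_py(source):
    """(lineno, description) findings for code that would run at install time."""
    tree = ast.parse(source)
    aliases = {}  # local name -> full module path, so aliasing cannot hide a call
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        resolved = aliases.get(head, head) + ("." + rest if rest else "")
        if resolved in RISKY_CALLS:
            findings.append((node.lineno, f"call to {resolved}"))
        elif resolved == "setuptools.setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
            findings.append((node.lineno, "setup() registers a custom cmdclass: code hooked into the install command"))
    return sorted(findings)


def vet(requested_name, setup_py_source):
    """Combine both checks into a go/no-go decision before running pip."""
    lookalikes = typosquat_candidates(requested_name)
    findings = audit_setup_py(setup_py_source)
    return {"lookalikes": lookalikes, "findings": findings,
            "install": not lookalikes and not findings}
```

In practice the setup.py source comes from `pip download --no-binary :all: --no-deps NAME` followed by extracting the archive; nothing in it has executed at that point. On the constructed sample, `vet("reqeusts", SUSPICIOUS_SETUP_PY)` reports "requests" as the likely intended package and flags the `subprocess.Popen`, `base64.b64decode` and `os.system` calls on lines 9 and 10 plus the `cmdclass` hook on line 12, so the install is refused. The check is a filter, not a proof of safety: a setup.py can fetch its payload through calls this list does not name, so an empty finding list still deserves a read of the file.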