Malicious Go Binary Delivered via Steganography in PyPI
(blog.phylum.io)
Very cool trick. I've never been comfortable with how Python package installation is effectively arbitrary code execution. It's also a nice reminder that installing packages into a Docker environment is generally safer than going bare ~~back~~ metal.
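As an added example (not code from the Phylum post or from anyone in this thread), the standard-library script below shows the mechanism the comment above refers to and a check a practitioner can run before installing: the constructed setup.py overrides setuptools' `install` command so that code of the package author's choosing runs during `pip install`, and `triage_setup_py` / `triage_sdist` statically flag that pattern in a downloaded sdist before anything is installed. The sample package, its name, the function names and the call list are assumptions for this demo, not anything from the page.

```python
"""Static triage of a Python sdist's setup.py for install-time code execution.

Added example, not from the Phylum post or the thread. Standard library only.
The sample setup.py is constructed for the demo and mimics the common pattern
of subclassing setuptools' `install` command so arbitrary code runs on
`pip install <sdist>` with the installing user's privileges.
"""
import ast
import io
import tarfile
from dataclasses import dataclass

# Constructed sample (hypothetical package): hooks the install step.
SAMPLE_SETUP_PY = '''
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        # executed by pip during installation, not at import time
        subprocess.Popen(base64.b64decode("ZWNobyBoaQ==").decode(), shell=True)

setup(name="not-a-real-package", version="0.0.1", cmdclass={"install": PostInstall})
'''

# Calls whose presence in setup.py deserves a human look (assumed list, extend as needed).
SUSPICIOUS_CALLS = {
    "subprocess.Popen", "subprocess.run", "subprocess.call", "os.system", "os.popen",
    "exec", "eval", "base64.b64decode", "urllib.request.urlopen", "requests.get",
    "ctypes.CDLL",
}
# setuptools/distutils command classes that run during build or install.
INSTALL_COMMANDS = {"install", "develop", "build_py", "egg_info", "build_ext"}


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    lineno: int


def _dotted_name(node: ast.AST) -> str:
    """Render a call target such as `subprocess.Popen` back into a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def triage_setup_py(source: str) -> list[Finding]:
    """Parse setup.py without executing it and report install-time execution patterns."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            # 1. subclassing a setuptools command: its run() executes inside pip
            for base in node.bases:
                base_name = _dotted_name(base)
                if base_name.split(".")[-1] in INSTALL_COMMANDS:
                    findings.append(Finding("cmdclass-override", f"class {node.name}({base_name})", node.lineno))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            # 2. dangerous calls anywhere: setup.py's top level also runs during install
            if name in SUSPICIOUS_CALLS:
                findings.append(Finding("suspicious-call", name, node.lineno))
            # 3. setup(cmdclass=...) wires the override into pip's install step
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append(Finding("cmdclass-wired", "setup(cmdclass=...)", node.lineno))
    return sorted(findings, key=lambda f: (f.lineno, f.kind, f.detail))


def build_sample_sdist(setup_py: str = SAMPLE_SETUP_PY) -> bytes:
    """Constructed in-memory sdist tarball, shaped like what `pip download --no-binary :all:` fetches."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = setup_py.encode()
        info = tarfile.TarInfo("not-a-real-package-0.0.1/setup.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def triage_sdist(tar_bytes: bytes) -> list[Finding]:
    """Locate setup.py inside an sdist and triage it; a pyproject-only sdist yields nothing here."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.name == "setup.py" or member.name.endswith("/setup.py"):
                return triage_setup_py(tar.extractfile(member).read().decode())
    return []


if __name__ == "__main__":
    for f in triage_sdist(build_sample_sdist()):
        print(f"{f.kind:18} line {f.lineno:3}  {f.detail}")
```

Usage: fetch the sdist without installing it (`pip download --no-binary :all: <package>`), feed the tarball to `triage_sdist`, and read the flagged lines before running `pip install`. Two caveats worth keeping in mind: installing wheels only (`pip install --only-binary :all:`) skips setup.py entirely but does nothing about code that runs at import time, and a container limits what an install hook can touch only to the extent that credentials, sockets and source trees are not mounted into it.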