Python 0wned: malicious snakes on a cloud?

Researcher creates a proof-of-concept Python module installation file that executes code with root privileges while remaining off the radar

Among Python's many features is the ability to install modules, or packages, that extend the functionality of your own programs. Once installed, these modules execute alongside your own code. However, a researcher called ‘mschwager’ has posted a proof-of-concept file called 0wned to GitHub, which shows how malicious code can be executed at the moment you install the package itself, before you ever import it. By manipulating the file within the Python ‘pip’ package manager, 0wned was “able to successfully write to the root directory,” mschwager says, continuing, “this means that 0wned can do anything as the root or administrative user.”
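A defender can look for install-time hooks before running pip at all. The following is an added example, not code from the article or from the 0wned repository: it statically parses a `setup.py` (never executing it) and reports overridden install commands. It assumes the install-time code lives in `setup.py`, which pip executes when installing from a source distribution; the function name, the heuristic lists and both sample files are constructed for illustration.

```python
import ast
# Base classes whose run() executes while the package is being built or installed.
HOOK_BASES = {"install", "develop", "egg_info", "build_py", "build_ext", "sdist"}
# Modules a packaging script rarely needs (heuristic list chosen for this example).
RISKY_IMPORTS = {"subprocess", "socket", "ctypes", "urllib", "base64"}

# Constructed sample: a benign setup.py that hooks the install command.
SAMPLE_SETUP = '''
from setuptools import setup
from setuptools.command.install import install

class CustomInstall(install):
    def run(self):
        print("this line runs during installation")
        install.run(self)

setup(name="example_pkg", version="0.1", cmdclass={"install": CustomInstall})
'''

# Constructed sample: a declarative setup.py with no hooks.
CLEAN_SETUP = '''
from setuptools import setup
setup(name="example_pkg", version="0.1")
'''

def _name(node):
    """Return the trailing identifier of a Name or Attribute node, else ''."""
    return getattr(node, "id", None) or getattr(node, "attr", None) or ""

def audit_setup_source(source):
    """Parse setup.py text without executing it; return sorted findings."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _name(node.func) == "setup":
            if any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.add("cmdclass override in setup()")
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                if _name(base) in HOOK_BASES:
                    findings.add(f"class {node.name} subclasses {_name(base)}")
        elif isinstance(node, ast.Import):
            mods = {alias.name.split(".")[0] for alias in node.names}
            findings.update(f"imports {m}" for m in mods & RISKY_IMPORTS)
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in RISKY_IMPORTS:
                findings.add(f"imports {node.module.split('.')[0]}")
    return sorted(findings)
```

Run `audit_setup_source()` on the `setup.py` from an unpacked source archive before installing it. An empty result only means no command hook was found: any top-level statement in `setup.py` also runs at install time, so a flagged or unusually long file still needs reading.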


2 thoughts on “Python 0wned: malicious snakes on a cloud?”

  • October 2, 2018 at 8:05 AM

    And the award for best security news report headline goes to…

  • October 4, 2018 at 9:31 AM

    Oh, I can and have done better than that!
