"Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File"

A malicious package found on the Python Package Index (PyPI) was discovered using a steganographic trick to conceal malicious code within image files. According to researchers at Check Point, the package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and is described as a "Core lib for REST API." It has since been removed. Apicolor, like other recently discovered rogue packages, hides its malicious behavior in the setup script, which is used to specify metadata about the package, such as its dependencies. This takes the form of a second package called "judyb," as well as a seemingly innocuous PNG file called "8F4D2uF.png," which is hosted on Imgur, an image-sharing service. This article continues to discuss the discovery of a PyPI package hiding malicious code behind image files.

THN reports "Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File"