A popular Python library just became a backdoor to your entire machine

https://www.xda-developers.com/popular-python-library-backdoor-machine/

It's one of the most popular Python libraries for interacting with large language models [...] It has over 40,000 stars on GitHub, and it's an important dependency in a lot of AI tooling. It's also been compromised on PyPI, and the malicious versions are stealing everything they can find on your machine.

Sorry but... 🍿

@Khrys Wait, what? Python has a place you can install the Python equivalent of LD_PRELOAD code that gets injected into every program, and packages from their package manager can just drop stuff in there? Who came up with that shit and why isn't it fixed??
@dalias @Khrys it's a hook from the 'site' module, which is what implements support for user installable package locations, and can be disabled completely. if your threat model allows malware to be installed to those locations, you are already compromised anyway. the hook isn't great sure — it's an old design that's difficult to replace without major downstream breakage — but there are many other ways you can amplify the attack, regardless.
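
The hook discussed in this thread is the `site` module's handling of `.pth` files: at interpreter startup it executes any line in those files that begins with `import`. The following is an added example, not code from the thread or the linked article, that lists such lines for review; the file names and contents in `demo()` are constructed.

```python
import os
import site
import tempfile

def executable_pth_lines(pth_path):
    """Return (line_number, text) for each line of a .pth file that site.py would exec()."""
    hits = []
    with open(pth_path, "r", encoding="utf-8", errors="replace") as fh:
        for number, line in enumerate(fh, start=1):
            # site.py executes lines starting with "import" followed by space or tab;
            # other non-comment lines are only treated as paths to add to sys.path.
            if line.startswith(("import ", "import\t")):
                hits.append((number, line.rstrip()))
    return hits

def scan_site_dirs(directories):
    """Map each .pth file in the given directories to its executable lines."""
    findings = {}
    for directory in directories:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if name.endswith(".pth"):
                path = os.path.join(directory, name)
                hits = executable_pth_lines(path)
                if hits:
                    findings[path] = hits
    return findings

def default_site_dirs():
    """Directories the running interpreter's site module scans for .pth files."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs

def demo():
    """Scan a constructed directory holding one path-only and one executable .pth file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "paths_only.pth"), "w") as fh:
            fh.write("# comment\n./vendored\n")
        with open(os.path.join(tmp, "constructed_hook.pth"), "w") as fh:
            fh.write("./lib\nimport os; os.environ.setdefault('PTH_DEMO', '1')\n")
        found = scan_site_dirs([tmp])
        return {os.path.basename(p): hits for p, hits in found.items()}

if __name__ == "__main__":
    for path, hits in scan_site_dirs(default_site_dirs()).items():
        for number, text in hits:
            print(f"{path}:{number}: {text}")
```

Legitimate packages also use this mechanism (setuptools ships `distutils-precedence.pth`), so each hit needs review against what you expect to be installed. Starting the interpreter with `python -S` skips the `site` import and with it all `.pth` processing.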