Khrys1d ago

A popular Python library just became a backdoor to your entire machine

https://www.xda-developers.com/popular-python-library-backdoor-machine/

It's one of the most popular Python libraries for interacting with large language models [...] It has over 40,000 stars on GitHub, and it's an important dependency in a lot of AI tooling. It's also been compromised on PyPI, and the malicious versions are stealing everything they can find on your machine.

Sorry but... 🍿

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

XDA
Show threadCassandrich1d ago
@Khrys Wait, what? Python has a place you can install the Python equivalent of LD_PRELOAD code that gets injected into every program, and packages from their package manager can just drop stuff in there? Who came up with that shit and why isn't it fixed??
Show threadLEdoian

@dalias Oh this is so awesome! Thanks to this I learned that it is possible to Rickroll a Python user (i.e. anyone who launches anything that is run using Python) at very unexpected times just by placing 83 bytes into the right file in the user's home directory.

Yes, this is a horrible misfeature.

@Khrys

Mar 25 at 3:51amWeb