Malicious packages were found in Python's official package index

in #hacking · 7 years ago


A computer security organization in Slovakia has warned that several modified code packages were added to Python's official package index. It said that for the past three months some developers had downloaded these packages by mistake and had been running the software. On Thursday Slovakia's National Security Authority said that the tampered packages had been uploaded more than once since June. Their code is almost identical to that of the standard Python packages they imitate. Python's package index is known for short as PyPI.

The Slovak authority also reported that it had already informed the Python package maintainers, after which all of the modified packages were removed. Removing them does not affect the index itself. The authority urged developers to check whether any of these packages are installed on their systems, and it published guidance for doing so: wherever a modified or infected package is found, administrators should remove it and install the correct package in its place.

The original package name was 'urllib' and the name of the modified package was 'urlib', which is exactly why the warning above was issued. At first this looked like a simple typing mistake, but the code inside showed it was malicious. Shortly after Thursday's advisory, the researcher Benjamin Bach and the journalist Hanno Böck announced that they had found more than 20 such infected libraries. Each of them contacted another server and reported the developer's IP address to it, and that code ran at install time, within minutes of the library being installed. Their figures showed that the packages had been downloaded more than 7,000 times in just two days! The standard Python library ships with Python itself and is never installed from a third-party package store, so a PyPI package carrying the name of a standard module should already be a warning sign.

Thursday's statement was followed by Friday's announcement, which showed that developers are not doing well at this and that the index is not giving them the protection they need. As a result, Python's security model is being questioned. If a developer in a hurry installs what looks like an official package without checking it, a third party's code gets used without anyone understanding what the package does, and it is then easy for the attacker to run code with whatever privileges the application has.

Böck said last Friday: "This is the easiest way to take control of a system in a short time. And now the problem has died down quite a bit, so users will ignore such problems from now on. Yet we have to sit down and discuss what the best solution is."

On Saturday morning the PyPI administrators removed nearly 20 of the typosquatted packages. It is not clear, however, whether PyPI actually blocks new packages from being registered under the previous names.

How the incident began: a similar case happened last year in Germany. Nikolai Philipp Tschacher, a student at the University of Hamburg, uploaded packages to PyPI for his bachelor's thesis and also to two other package repositories. The packages carried names that are easily confused with those of packages everyone else submits, and he added some code that let him track the developers who installed them. In just one month this modified code was installed in 45 thousand places, of which 17 thousand were distinct hosts. In almost half of the cases the code was running with administrative privileges.


Two .mil domains ended up running the code, which suggests that some US military service used the script. Bach and Böck continued the research and found that the names Tschacher had used on PyPI had been re-registered. Böck said, "Benjamin (Bach) tried to convince the Python security people and developers about this issue, but there was no reaction." The problem was mainly caused by administrators and developers who installed packages without verifying them: even the most commonly used official packages do not require any kind of cryptographic signature. Böck said PyPI is currently working to stop the use of infected packages, but both of them think that more solutions are needed.
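The advice above comes down to two checks: look for the known bad names on every system, and look for any installed name that is only a typo away from a package you actually meant to install. The script below is an added example written for this post, not code from SK-CERT, Bach, Böck or Tschacher. The known-bad list contains only the one name the post gives ('urlib'), the "popular" list and the `pip freeze` output are constructed for illustration, and the edit-distance threshold of 1 is a choice; widen it and you trade false positives for recall.

```python
"""Audit `pip freeze` output for typosquatted package names.

Added example: encodes the two checks the post describes (a known-bad list
and a lookalike search against expected package names). Lists and sample
input are constructed for illustration, not taken from any advisory.
"""
import re

# Constructed: the only name the post itself cites. Extend with whatever
# list your CERT publishes.
KNOWN_BAD = {"urlib"}

# Constructed: legitimate, widely used names you expect on your systems.
# In practice, feed this from your projects' real dependency lists.
POPULAR = {"urllib3", "requests", "setuptools", "six", "cryptography", "pip"}


def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) via the two-row DP."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_freeze(text):
    """Pull package names out of `pip freeze` lines (name==ver, name @ url)."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # comments and options such as -e / --index-url
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(m.group(1))
    return names


def audit(freeze_text, popular=POPULAR, known_bad=KNOWN_BAD, max_distance=1):
    """Return {installed name: verdict} for every package in the listing."""
    popular_n = {normalize(p) for p in popular}
    bad_n = {normalize(b) for b in known_bad}
    report = {}
    for raw in parse_freeze(freeze_text):
        name = normalize(raw)
        if name in bad_n:
            report[raw] = "known-bad: remove it and install the intended package"
        elif name in popular_n:
            report[raw] = "ok"
        else:
            lookalikes = sorted(p for p in popular_n
                                if levenshtein(name, p) <= max_distance)
            if lookalikes:
                report[raw] = "suspicious: one edit away from " + ", ".join(lookalikes)
            else:
                report[raw] = "unreviewed: not in the expected list, check manually"
    return report


# Constructed sample `pip freeze` output for the example.
SAMPLE_FREEZE = """\
# constructed listing, not from a real host
certifi==2017.7.27.1
requets==2.18.4
six==1.11.0
urlib==1.21.1
urllib3==1.22
"""

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_FREEZE).items():
        print(f"{pkg:12} {verdict}")
```

On a real host pipe `pip freeze` into `audit()` instead of the constructed sample; a "known-bad" or "suspicious" verdict is the signal to remove the package and reinstall the one you meant, exactly as the advisory recommends.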


Hello @originalworks, I want to see you here with your weekly power upvote

The @OriginalWorks bot has determined this post by @masudrana to be original material and upvoted it!


To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!

To nominate this post for the daily RESTEEM contest, upvote this comment! The user with the most upvotes on their @OriginalWorks comment will win!

For more information, Click Here!

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by masudrana from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
