Malicious PyPI package found posing as a SentinelOne SDK

Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne, but actually contains malware designed to exfiltrate data from infected systems. The package, which carried the name SentinelOne and has since been …

  1. Version 1.0 Silver badge
    Pirate

    Python is great but ...

    ...as Python develops in future will this become more common? At least it's a confirmation that Python is universally popular these days.

    I guess Python is far more popular now than COBOL or FORTRAN, I've never seen any malware or infections written in either of those languages - so if the modern environment doesn't change maybe we should return to the days when languages didn't support all of today's problems? I wouldn't be happy about that, but maybe we could be a hell of a lot safer.

    1. that one in the corner Silver badge

      Re: Python is great but ...

      > we should return to the days when languages didn't support all of today's problems?

      Like, being able to read files and access a network?

      The problem here has nothing to do with which language is being used - it is purely about being too trusting of unknown code (specifically, an unverified owner) and running it in an environment that allows it to succeed in doing Bad Things.

      1. Lil Endian Silver badge

        Re: Python is great but ...

        Pretty much my response to a post in Parental control apps - linked so as not to repeat the post.

        1. Anonymous Coward

          Re: Python is great but ...

          Except it is unfairly a language problem if the language readily uses such acquisition methods.

          NPM, PyPI, crates, etc. have all become language problems because they have accepted them as common utilities of the language. Just because they're online doesn't mean they're any different a problem than, say, a possible bug/exploit in the offline C standard library. If it's accepted as a utility, it is.

          As for PyPI in particular, shit... Guido himself is the president of PyPI!! Are you suuuuure it can't be considered part of the language?

          1. Claptrap314 Silver badge

            Re: Python is great but ...

            Yes.

            It is part of the language if it ships as part of the language. Otherwise, no. Ruby is going through a significant evolution to drop things from the standard library because no one wants to support the packages. They are being spun out as gems on rubygems.org, and I don't care if Matz himself 100% owns the operation, it is still not going to be part of ruby proper.

            These sites, starting with CPAN, have ALWAYS had a core problem of trust when you download the code. But there is a difference between the site itself being insecure (as has happened), package maintainers failing to secure their packages (as has happened), and packages being created corrupt (which is what we are talking about here).

            Certainly, site owners must up their game wrt these drive-by corrupt packages. Tell me, just how much do YOU pay them to do that when you download code from their sites?

    2. lephuong

      Re: Python is great but ...

      Supply chain attack is the problem of "package distribution", not a language problem. If there is a website that provides COBOL or FORTRAN modules for everybody to re-use, it would have the same issue.

      1. Lil Endian Silver badge

        Re: Python is great but ...

        Supply chain attack is the vector. Trusting third-party, unvetted code is the problem.

        I agree with your points though.

        [Edit: I've realised that I misunderstood your first sentence. My apologies. It doesn't change much, we're in agreement anyhoo! :) ]

  2. Lil Endian Silver badge
    Joke

    Laziness & Loyalty FTW!

    Slurp up my SSH keys! There are probably hundreds there, accrued over nearly 30 years, I'm just too damn lazy to clean up the cruft. If you manage to find an active key, it'll still be no good to you. Why? Because you'll never infiltrate my networks, you'll never turn Speckled Jim! I raised him from a chick, he was my only childhood friend!
